What is GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). Adopted in April 2016, the GDPR adds to the EU’s general policy of protecting the data of its citizens. It sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. GDPR covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers in financial services, healthcare, utilities and many other business sectors. GDPR best practices require the ability to obtain valid consent from EU customers to allow for the lawful collection and processing of personal data—as well as the ability for those customers to withdraw their consent. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
Is Your Enterprise Prepared For The Rigors Of GDPR Compliance?
Companies that collect data on citizens in European Union countries will need to comply with strict new rules around protecting customer data by May 25, 2018. Compliance places new demands and expectations on security teams. For example, the GDPR takes a wide view of what constitutes personal identification information (PII): companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number. However, GDPR leaves much to interpretation. It says companies must provide a “reasonable” level of protection for personal data, for example, but does not define what constitutes “reasonable.” This gives the GDPR governing body a lot of leeway when it comes to assessing fines for data breaches and non-compliance. According to the PwC GDPR Preparedness Pulse Survey, 68 percent of U.S.-based companies expect to spend $1 million to $10 million to meet GDPR requirements. Another 9 percent expect to spend more than $10 million.
Steps Your Enterprise Can Take To Start Preparing For GDPR Compliance
Companies that place the utmost importance on the data privacy of their customers are already providing systems and services that meet or exceed the GDPR. If your enterprise isn’t in compliance, here are some steps to get started:
- Create a sense of urgency from the top down.
- Involve all stakeholders.
- Conduct a risk assessment.
- Consider hiring or engaging a Data Protection Officer (DPO).
- Create a data protection plan.
- DON’T FORGET MOBILE. According to Lookout’s Finding GDPR Noncompliance In A Mobile First World report, 64 percent of employees access customer, partner, and employee PII using mobile devices.
- Create a plan to report your GDPR compliance progress.
- Implement measures to mitigate risk.
- If your organization is small and you need assistance, ask for help.
- Test incident response plans.
- Set up a process for ongoing assessment.
Attila Security is committed to protecting your enterprise’s communications and data. Learn more about our award-winning products and solutions.