Sift through the noise and learn what GDPR means to your organisation.
You’ve probably heard a lot about GDPR in the past several months and may be wondering, “what does it actually mean to us as an organisation?” We take a look at what the realistic implications are and what things you need to consider in relation to IT ahead of May when GDPR comes into force.
The General Data Protection Regulation (GDPR) replaces the Data Protection act as the new EU data protection law, with improved data protection for individuals at the heart of it. The key changes are to individuals rights which under the new regulation are as follows:
- Right to object
- Right to access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
To simplify this, individuals can request access to data an organisation stores on them, or request to have the information updated or even completed removed. The implication is that all information your organisation stores on individuals must be readily accessible and interrogatable.
The regulation covers all data an organisation stores including servers, cloud storage, staff computers, removable media, paper copies and even mobile devices. Added to this challenge is that requests received must be acted upon within one month of receipt.
In addition to the above, an organisation needs to be able to show evidence of securing data and minimising the risk of data breaches. So what considerations do you need to make to ensure you’re are compliant?
GDPR Compliance is something that an organisation will continuously be working towards and it’s important that you can show evidence of this. If for example a data breach were to happen this would need to be reported within 72 hours included with measures being taken to mitigate adverse affects.
As such, it is the responsibility of an organisation to ensure adequate cyber security measures, such as Microsoft EM+S, are in place to reduce the chance of a breach.
In summary, what being GDPR compliant likely means to you as an organisation is that you’re confident that you have adequate security and processes in place to prevent and contain breaches, and that you know where all of your data resides and are comfortable in accessing it.
It’s important to note that if you are found to be in breach of GDPR law, you could be subject to a €20 million or 4% of annual global turnover fine – whichever is higher. Whilst a severe fine like this is likely to be reserved for larger corporations, all organisations are subject to these penalties so need to be sure of their compliance.
Via our partner GDPR Auditing we’re able to offer GDPR audits, training and consultancy to get you GDPR ready.
Need help with GDPR?