The General Data Protection Regulation (GDPR) was adopted by the European Parliament in April 2016. These new provisions set out a baseline set of standards for companies that handle EU citizens’ data, to better safeguard the processing and movement of citizens’ personal data across borders.
The GDPR will apply to all EU member states and to organisations outside the union when they process the data of citizens from within the EU, so there is a good chance it applies to your organisation as well.
The key requirements laid out by the GDPR include:
Anonymising collected data to protect privacy
Providing data breach notifications
Requiring the consent of subjects for data processing
Safely handling the transfer of data across borders
Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
Organisations preparing for GDPR will find that their processes need to change. In companies where the IT department is still largely independent of other departments, it will now need to integrate and collaborate more closely with them to ensure the security of shared data and compliance.
Organisations whose IT departments already communicate with other departments will need to continue doing so in order to comply with the new legislation.
It is recommended that organisations prioritise actions to prepare for the impending requirements, starting by:
Appointing roles dedicated specifically to data protection
One individual to act as a contact point for the Data Protection Authority (DPA) and data subjects, and a data protection officer (DPO) to ensure processing operations are compliant.
Demonstrating accountability for all processing activities transparently: check how data flows across borders, both within the EU and outside it, and establish, for example, who the controllers are.
Preparing for data subjects to exercise their extended rights, in areas such as the right to be forgotten (having their data removed from all servers completely) and the right to be informed of a data breach.
Don’t wait until it’s too late
GDPR legislation, due to be implemented in 2018, will have far-reaching consequences, especially for IT departments. In order to properly prepare for this, your budget will need to include the costs of the tools that will be needed to achieve compliance.