What is GDPR?
The General Data Protection Regulation (GDPR) was adopted by the European Parliament in April 2016. These new provisions set out a baseline set of standards for companies that handle EU citizens’ data, to better safeguard the processing and movement of citizens’ personal data across borders.
The GDPR will apply to all EU member states and to organisations outside the union when processing the data of citizens from within the EU, so there is a good chance it applies to your organisation as well.
The key requirements laid out by the GDPR include:
Anonymising collected data to protect privacy
Providing data breach notifications
Requiring the consent of subjects for data processing
Safely handling the transfer of data across borders
Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
Organisations preparing for GDPR will find that their processes need to change. In companies where the IT department is still largely independent of other departments, it will now need to integrate and collaborate more closely with other departments to ensure the security of shared data and compliance.
Organisations whose IT departments currently communicate with the other departments will need to continue doing so in order to comply with the new legislation.
It is recommended that organisations start by prioritising actions to prepare for the impending requirements.
Don’t wait until it’s too late
The GDPR legislation due to be implemented in 2018 will have far-reaching consequences, especially for IT departments. In order to properly prepare for this, your budget will need to include the costs of the tools needed to achieve compliance.
There is no better time than now to look at your current processes to determine where data exists, how it is being stored and who is being tasked with your asset data sanitisation, storage and disposal. For additional information on the GDPR legislation, head to the ICO.