If you haven’t heard of the EU’s General Data Protection Regulation (GDPR), it is currently one of the most searched topics of 2018. It is a compliance regulation that will affect any business that deals with the EU or handles data belonging to EU citizens. On top of that, GDPR takes effect on May 25, 2018; from that date, organizations found to be non-compliant may face hefty fines of up to 20 million euros or 4% of global turnover.
Does GDPR apply to businesses established outside the EU? Yes, it does. GDPR penalties have ‘no boundaries’. As long as an organization holds data belonging to EU citizens, being compliant is the only way to avoid paying large fines. Whether you’re a small or medium-sized enterprise (SME) or just a curious reader, this blog sums up five tips we think are useful for all.
Tip 1: Stay Informed
One week is left until the GDPR implementation date, and how does the world fare in terms of awareness? Research conducted by the Department for Digital, Culture, Media, and Sport (DCMS) revealed that the level of awareness in the UK falls far short of expectations, with only 38% of businesses and 44% of charities having heard of the regulation. Such low awareness at this stage is, all in all, quite shocking.
GDPR was introduced to stress the importance of data security and to hold companies, regardless of size, liable for the sensitive information they collect for business purposes. Although similar regulations have been implemented elsewhere, GDPR supersedes the Data Protection Directive and harmonizes data privacy laws across Europe. Start by educating yourself and the company staff. The internet has unlimited resources when it comes to information.
Tip 2: Seek Advice from Experts
If cybersecurity and data protection are altogether new fields for you, make sure to seek assistance from others. An experienced cybersecurity firm with a long-standing track record can better help your organization prepare and adjust to what’s about to come. The IT department of any organization should be trained and coached to properly manage all stored data.
Oftentimes, executives are not aware of how customer data is administered. Under the new GDPR regulation, customers have the right to know how their information is processed, as well as the “right to be forgotten” (removal). What might seem like irrelevant knowledge at one time could be crucial to your future business dealings.
Tip 3: Update Your Privacy Policy
One of the newly introduced sections of the reformed GDPR is the call for transparency, which requires organizations to rewrite their privacy policies to be more robust, concise, and clear. With the enhanced privacy rights being introduced, it’s no surprise that old privacy notices should also be given an uplift.
Tip 4: Continuous Observation
Rome was not built in a day; important work takes time. GDPR was adjusted to suit current developments in the cyber world. Several decades ago, who would have thought the world would be as digitized as it is today? Current cyber regulations still have a long way to go to achieve a fully comprehensive law that keeps individuals’ personal information safe and treated fairly.
As such, step four is similar to step one: constant observation of current progress and developments is needed to stay ahead. Keep up with current trends and know how cyber laws are changing along with them.
Tip 5: Be Prepared for Assessment
The legislation is there for a reason, and authorities are ready to penalize whenever necessary. Be prepared to face assessment from authorized parties to validate that your policies are in line with the new changes. Ignorantia juris non excusat, which translates to ‘ignorance of the law does not excuse’. Once GDPR is in place, its conditions must be met. Therefore, it is always good practice to be prepared.
One piece of advice all experts share is to allocate sufficient budget for implementing security strategies. Bear in mind that additional encryption software or hardware appliances do not come cheap. However, the initial investment could one day save you from larger fines in the event of a security breach.