GDPR — a topic that requires no further introduction at this stage.
If you have been following the news, GDPR takes effect May 25 and will affect any businesses that process or handle data of citizens of the European Union. The real question surrounding this issue is ‘How ready are you?’
In this blog, we summed up the top 3 checklists to self-evaluate your organization’s readiness for D-day.
Are the C-suits on-board?
“Top-down” or “bottom-up”, which management direction would befit this scenario? Though often debatable, there’s no question that the C-suits play an important role in leading company staffs on the right track and getting everyone on-board. Aside from clear goals, leaders of the company should help paint the bigger picture, which is to stay compliant as well as keep the business going. Employees, on the other hand, should also be aware of the changes and share the responsibility when it comes to keeping customers data in check.
Understanding the ramifications of non-compliance is important when bringing forth GDPR. If the company has been constantly educating their employees and providing proper training, then your organization is on the right track. In return, employees should start practicing compliance and making it a culture within the organization.
Are you familiar with your organization’s data architecture?
GDPR is all about safe-keeping those sensitive data and having someone being liable for it if any breaches or mismanagement were to occur. To avoid paying hefty fines, it is crucial to familiarize yourself with your organization’s data system. How the data is being stored, managed, used, and integrated are all important measures organization needs to address. When under assessment to be compliant, you would want to know all these information at the back of your hand.
For example, data portability is one of the newly introduced sections that gives a customer the rights to have their data transferred or even removed completely. Knowing where these data are stored and managed will come in handy and necessary in similar situations. If you are still unsure, perhaps it is best to nudge the right department or even proactively research your organization’s data architect. One way or the other, being in the know is better than being in the dark.
Is there a contingency plan?
Article 33 of GDPR stresses that in case of a data breach, it is mandatory to report the incident no later than 72 hours after being aware of it. Reporting the incident is just Plan A. The main concern here is Plan B – a contingency plan. Experts advise working out several action plans for emergencies cases. If your organization is deploying technology to manage data security properly, or even hiring a third-party to do so, know that you’re checking out the most important thing off the list.
However, even with the most advanced technology, there will still be gaps that can’t be filled. Do not solely rely on the vendor or technology to keep your data asset safe. Stay alert and be informed at all times. Despite the constant effort to keep hackers at bay, to err is human. Having several action plans coupled with a solid security solution can minimize the probability of leakage or even prevent hacking altogether.
