365 Days to Go for GDPR – How Ready Are You?
25 May 2017 | Michael Waksman
Part of my work at Jetico involves getting the company ready for General Data Protection Regulation (GDPR) compliance. The deadline of May 25, 2018 is fast approaching. With only 365 days to go, it's now time to get serious about data protection and comply.
If you haven't looked at the new regulation (or you have and you're pulling your hair out), this blog post is for you. First, know that you're not alone: a recent study shows that over half of the organizations affected by the new law have not yet begun to work on GDPR compliance. Second, know that it's not all that bad! Like many official tasks, there is a process to becoming compliant. Just take it one step at a time and you are sure to avoid losing any more hair.
GDPR in a Nutshell
- What?
Let's start by looking at what the General Data Protection Regulation is and what it isn't. The European Commission describes the Regulation as "an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the Digital Single Market." In practice this means several changes and additions to the current law on an individual's personal data, including the Right to be Forgotten (erasure) and easier access by individuals to the data held about them.
- When?
Although the Regulation entered into force on May 24, 2016, it only applies from May 25, 2018, so affected organizations have until then to become compliant. The two-year transition period is good news, but the date when supervisory authorities can begin enforcing the GDPR is fast approaching.
- Who?
If your company handles the personal data of people in the European Union, whether the company itself is inside or outside the EU, you are subject to the General Data Protection Regulation. No matter your…
- Industry
- Company size
- Location
The wording of the Regulation (Article 3) is such that if you process the personal data of individuals in the EU in connection with offering them goods or services, or with monitoring their behaviour, then you must comply with the GDPR, regardless of where your company is established.
Costs of Non-Compliance with GDPR Could Be Devastating
For organizations, the new rules will be enforced with a strong arm. A company that fails to comply, for whatever reason, can be fined up to €20 million or 4% of its worldwide annual turnover for the preceding financial year, whichever is higher. Article 83 of the GDPR defines two tiers. Here is a summary:
For infringements of the obligations of controllers and processors, including:
- Conditions for a child's consent to online services (Article 8)
- Data protection by design and by default, and records of processing activities (Articles 25 and 30)
- Security of processing, and notification of breaches to the supervisory authority and to affected individuals (Articles 32 to 34)
- Data protection impact assessments and the Data Protection Officer (Articles 35 to 39)
- Certification (Articles 42 and 43)
Fine = up to €10 000 000 or 2% of worldwide annual turnover
For infringements of:
- The basic principles for processing, including the conditions for consent (Articles 5, 6, 7 and 9)
- Data subject rights, including transparency of information and communication (Articles 12 to 22)
- Transfers of personal data to a third country or international organisation, including transfers relying on appropriate safeguards or binding corporate rules (Articles 44 to 49)
- Obligations under Member State law adopted under Chapter IX
- Non-compliance with an order, or a temporary or definitive limitation on processing, imposed by a supervisory authority (Article 58(2))
Fine = up to €20 000 000 or 4% of worldwide annual turnover
In each tier the penalty is whichever number is greater, the flat cap or the percentage of worldwide annual turnover for the preceding financial year.
Get Ready for GDPR
Preparing for compliance may look daunting at first glance, but there are ways to reduce the pain.
- Understand where your data lives
It's your responsibility to know where personal data is stored and processed, even if you outsource storage to a cloud provider. Request the details from your provider (which regions, which sub-processors, who holds the encryption keys), and treat transparency as a measure of the provider's quality.
- Get organized
After determining where your data resides, it's crucial to get (and stay) organized. Start by creating an inventory, the records of processing activities that Article 30 requires of most organizations: sort data by its importance to your company and by the level of risk to the individuals it describes.
- Put someone in charge of data protection
Article 37 of the General Data Protection Regulation requires some organizations to appoint a Data Protection Officer: public authorities, and companies whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data. As an organization, you may already have a position like this. But if not, it's a great idea to appoint someone to that role even where the Regulation does not require it. It sends a message that you take your customers' data seriously enough to have someone responsible for it. Not only will your customers get that message, but so will the supervisory authority when it comes time for an audit.
- Write up a contingency plan, in the event of a worst-case scenario
Downtime may not be an option for your organization. So consider costs and write a detailed incident response plan: who decides whether an incident is a personal data breach, who notifies the supervisory authority within the 72-hour window set by Article 33, and who informs the affected individuals.
- As a failsafe, consider disk encryption software
The GDPR treats encryption as an appropriate technical measure, and it reduces what you must do after a breach. Under Article 34, you do not have to notify the affected individuals if the breached data was protected by measures such as encryption that render it unintelligible to anyone not authorized to access it. Notification to the supervisory authority under Article 33 is still required unless the breach is unlikely to result in a risk to individuals; a lost or stolen laptop whose disk is fully encrypted, with the key not recoverable from the device, is the classic case where that assessment can be made. Two caveats apply: the exemption only holds if the key was not compromised along with the data (a laptop stolen while powered on and unlocked, or with the passphrase written on a note in the bag, is a reportable breach), and Article 33(5) still requires you to document the incident internally, including its effects and the remedial action taken.
Don't let the GDPR sneak up on you. Employ the old scout adage, "be prepared", and you'll be glad you took the extra time and effort.
GDPR Encryption by BestCrypt from Jetico
Jetico provides pure and simple file and disk encryption software for National Security, Compliance and Personal Privacy. Already trusted for HIPAA compliance, Jetico's BestCrypt delivers GDPR encryption for peace of mind.
Get started now!
Request a free trial
Contact us for a free consultation
Michael Waksman has been serving as CEO of Jetico since 2011, more than doubling the size of the company during his tenure. He brings more than 20 years of communications, technology and leadership experience.
At Jetico, Waksman has led the creation of the corporate identity, raised global brand awareness, built a more commercially driven team and initiated enterprise customer relations. Jetico has maintained a wide user base throughout the U.S. Defense community, in the global compliance market and for personal privacy.
Waksman served as vice-chairman of the Cyber Group for the Association of Finnish Defense and Aerospace Industries. Recognized as a security and privacy advocate, he is a frequent speaker at international events, occasionally on behalf of the Finnish cyber security industry. In 2012, Waksman was honored with The Security Network's Chairman's Award for fostering collaboration between the United States and Finland. As a dual citizen, he is a native New Yorker and has been living in the Helsinki region for over 15 years.