GDPR Report – Will you be Compliant?
According to a recent GDPR report from Symantec, 96% of businesses are under-prepared for the General Data Protection Regulation (GDPR), which applies from 25 May 2018. Penalties for non-compliance can be up to 4% of annual global turnover or €20 million, whichever is greater.
The report showed that nearly one in 10 companies said all employees can access customers’ personal information, with one in 20 stating that all staff can access customers’ payment details. Surprisingly, the report also revealed that only 22% of businesses consider compliance a top priority in the next two years, despite the approaching GDPR deadline.
Having run our own GDPR event in Belfast, P2V Systems found that businesses here are indeed taking the topic seriously. The majority of attendees said that they have already started their preparations for GDPR compliance.
It’s little wonder these organisations are giving this forthcoming legislation the attention it deserves considering the hefty fines for non-compliance.
The GDPR is designed to protect the personal data of individuals in the EU and to govern how organisations collect, use and secure that data.
The regulation applies to any organisation that processes the personal data of individuals in the EU, regardless of where the organisation itself is based. Brexit therefore makes no difference to UK companies that handle EU residents' data: they will still need to comply.
The rules apply to both data controllers, who decide how and why personal data is processed, and data processors, who process it on a controller's behalf.
In order to comply, organisations will have to put in place measures and controls around the management of data security. This includes:
- Personal Privacy – Under the GDPR, individuals gain many more rights, including the right to request a copy of their personal data, known as a Subject Access Request (SAR), which must normally be answered free of charge and within one month.
- Controls & Notifications – Organisations must protect personal data using appropriate security mechanisms, and must report a personal data breach to the supervisory authority within 72 hours of becoming aware of it unless the breach is unlikely to result in a risk to individuals.
- Transparent Policies – Organisations are required to have clarity around the collection, use, retention and deletion of data.
- IT & Training – Organisations must also provide staff with the appropriate level of information security training and have policies in place to manage the data.
The responsibilities organisations must meet in order to be GDPR compliant should not be underestimated. Time must also be allocated to update policies and procedures so that these responsibilities can be managed on an ongoing basis.
Whilst all this may seem daunting, technology can accelerate your journey to GDPR compliance and help you manage your compliance responsibilities.