The deadline for GDPR implementation is approaching fast. By 25th May 2018, all UK and European businesses will have to ensure they’re compliant with the new raft of EU data protection legislation, or risk fines of up to 4 percent of annual turnover, or up to a €20 million fine.
The rules come into force before Brexit, and will be replaced by the very similar Data Protection Bill after it, so those who might still be relying on the UK’s departure from the EU to avoid compliance are out of luck. Don’t underestimate the task ahead if you’ve barely considered the rules’ implications – many companies will require a total cultural shift in order to meet the regulatory requirements. With all of this in mind, here are five recommended steps to checking your organisation is up to speed:
Forewarned is forearmed
The new regulations place responsibility for any security breaches firmly at the doors of the company concerned. While you might have a firm grasp of the risks involved and how to mitigate them by now, the same may well not be true of other staff in your organisation.
Remember, hackers are incredibly skilled at identifying the weak point in a company and exploiting it. It only takes one ill considered password or nefarious email to spell disaster. Make sure everyone that needs to be is fully up to speed on best practices, especially how to spot and resolve potential dangers.
Time is of the essence
An estimated three in five businesses are expected to have been victims of security breaches by the end of 2017. If your company is one of the unlucky ones, your most effective defences are compliance and swift action.
The new regulations state that an organisation’s data controller must notify data protection authorities of any attempted breach involving risk to individuals’ privacy within 72 hours of their learning of it. Any individuals affected should also be told as soon as possible. It is also down to a data processor to inform a company’s controller about a hack. Obviously, having a specialist team in place and planning a company-wide procedure to deal with the worst case scenario will mean you avoid breaking the new rules and protect your organisation.
Have an action plan
There’s plenty of advice out there, and many firms will already have procedures in place ready for May 25th, but for those needing a thorough, foolproof guide to GDPR conformity, check out IBM’s step-by-step GDPR compliance guide.
Steps include tips on recruiting specialist staff (a process that most firms should have already completed); ways to demonstrate accountability, transparency and trust; testing how data flows across EU borders and a guide to fundamental privacy rights that the regulations protect.