GDPR – Turning a Challenge into an Opportunity
As of May 2018, non-compliance with GDPR (General Data Protection Regulation) can be punished with severe penalties of up to 4 % of total turnover or Euros 20 Million, as well as the cost of compensation claims. GDPR applies to any organization dealing with information related to individuals located in the EU (European Union). It also affects companies from outside the EU, that promote their services within the EU and process personal data of individuals in the EU (“data subjects”). This means that GDPR is high on the agenda for many large organizations, both within and outside the EU. Most affected are B2C segments like Banking, Insurance, Healthcare, Telecoms, Legal and Education, etc.
The next steps in becoming GDPR compliant
The approach to GDPR compliance
In principle the approach to GDPR compliance is simple; companies assess how GDPR impacts their business, gaps are identified and measures are taken. In practice it’s more complex; assessments typically show that only a small portion of companies are compliant and don’t have full visibility of where and how in-scope information is held This creates a high level of risk, as not knowing that information exists will not be accepted as an excuse. The burning issues are:
- Policies, controls, processes, roles and responsibilities in handling personal data
- Acquisition, storage, retrieval, processing, usage, change and destruction of personal data
- Manageability of digital and physical data in a structured or un-structured format
- Confidentiality, integrity, security, availability and resilience of data handling
- IT platforms, systems, databases
- Transparency rules, information obligations and audit rights