GDPR – Turning a Challenge into an Opportunity
As of May 25, 2018, non-compliance with GDPR (General Data Protection Regulation) can be fined with severe penalties of up to 4 % of total turnover or Euros 20 Million, as well as the cost of compensation claims. The GDPR applies to any organization domiciled in the EU (European Union) that is processing personal data. It also affects companies domiciled outside the EU, which promote their services within the EU and as a result process personal data of individuals in the EU (“data subjects”). Therefore, the GDPR topic ranks high on the agenda of many large organizations domiciled either within or outside the EU. Most affected are B2C segments like Banking, Insurance, Healthcare, Telecoms, Legal and Education, etc.
The next steps in becoming GDPR compliant
The approach to GDPR compliance
In principle, the approach to GDPR compliance is simple; companies assess how GDPR affects their business, gaps are identified and measures are taken. In practice it’s more complex; assessments typically show that only a small portion of companies are compliant with the GDPR requirements and that they have not full visibility of where and how in-scope information is held. This creates a high level of risk, as not knowing that information exists, will not be an excuse. The burning issues are:
- Policies, controls, processes, roles and responsibilities in handling personal data
- Acquisition, storage, retrieval, processing, usage, change and destruction of personal data
- Manageability of digital and physical data in a structured or un-structured format
- Confidentiality, integrity, security, availability and resilience of data handling
- IT platforms, systems, databases
- Transparency rules, information obligations and audit rights