The European Union’s General Data Protection Regulation, or GDPR, took effect on May 25, 2018. The intent of the regulation is to protect the personal information of people in Europe (“Data Subjects”). Generally speaking, anything that identifies a data subject is to be protected. The regulation also gives citizens the ability to protect their own information by doing such things as moving their data (aka “data portability”). It can affect any business, small or large, that houses data on EU customers. It also applies to companies worldwide that target their goods or services to EU data subjects. Companies are responsible for making sure that data is being stored in accordance with the new regulation, and need to understand both the risks of non-compliance and the benefits of compliance. If they do not comply, they risk large fines.
Some questions to ask yourself:
- Does the GDPR apply to our business?
- Have we done a GDPR risk assessment?
- Have we done data mapping, gap analysis and remediation?
- Are the technologies we are using sufficient to meet the requirements of the GDPR?
- What are the gaps in our privacy safeguards?
- What are the quickest ways we can become compliant?
- How can we continue to innovate and still stay compliant?
- How can we maintain sustainable GDPR compliance?