What does it mean to an organisation?
From May 2018, data protection laws will change. This affects how you deal with consumer data and individual persons’ information. To assist local organisations, we’re holding a number of free events and training workshops. To explain the importance of understanding your responsibilities, we have joined forces with HEXAD Information Security Services.
This free two-hour session outlines the GDPR and explains the major things your business must do to meet its requirements. This includes the legal responsibilities of directors and board members and what they can do to become and remain compliant.
Following on from the seminar, in conjunction with HEXAD, is the opportunity to attend separate training workshops. The workshops provide hands-on training and are tailored to your type of organisation. The workshops are being offered at introductory discounts for a limited time.
What else should I know about the GDPR?
It will be a requirement for all organisations providing goods and services to EU residents to conform to the rules it lays down, or face serious penalties.
“The new legislation creates an onus on companies to understand the risks that they create for others and to mitigate those risks. It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation.”
It is a data protection law and a ‘Business Risk’ issue. The Information Commissioner’s Office, the UK data privacy regulator, has stated that directors will be personally responsible for breaches.
What are the Penalties for non-compliance with GDPR?
Penalties for non-compliance will be severe. The responsibility for compliance with the GDPR will, in practice, fall on the company’s directors.
The Information Commissioner’s Office is at present empowered to request personal undertakings regarding future conduct from board members to ensure that the company complies with its data protection obligations.
GDPR: Enabling Digital Transformation in the EU
There is a growing amount of personal information and data available on the internet that is accessible to an infinite number of businesses and organizations. In regard to this, there is something we must keep in mind: GDPR. The General Data Protection Regulation affects all businesses in the European Union. It also affects businesses that offer services to EU citizens, monitor their behavior, or obligate them to give information extracted from data processors. What will happen to the IT security sector once the BREXIT is in full swing?
Two facts influenced the title of this article: Businesses are currently immersed in a technological revolution. Cybersecurity has opened the door for Digital Transformation.
43% of company heads consider that security should be the first priority when implementing Digital Transformation. IT security is a true business value because businesses cannot be digital without first protecting themselves.
1- The baseline scenario for most organizations and companies larger than 250 employees in the EU: institutions who have successfully empowered employees with business silo information, who have implemented Big Data tools, and generated trillions of data files from productivity tools.
2- To fix the IT problem we need to take back control of the distributed information silo and comply with rules 12-21 of the GDPR while satisfying the growing demand for digital transformation.
This suggests that there is a greater distribution of business data that is both quick and automatic. The results have been positive with a different operational impact deriving from the GDPR based on intelligent threat platforms like Panda Adaptive Defense 360.
The future of GDPR after the BREXIT.
These changes should be in full swing by mid-2018. It is uncertain how to anticipate the GDPR changes, especially when it comes to implementing operational changes related to cross-border data transfer.
We will continue to look over the current regulations and wait for GDPR updates following the BREXIT. Stay tuned!
GDPR Journal: On The GDPR Track, Our Compliance Roadmap
In case you missed my first post, I am documenting our GDPR compliance journey, from where I sit as an in-house attorney working for an EU and International SaaS company.
Take your mind back
It’s the end of May – one year before the new EU data regulation comes into effect. And internal meetings with various departments to verify feasibility, I finalized our GDPR compliance roadmap. Here are the steps I came up with and the related calendar to bring our company up to speed from point A to C.
Summary
May – June 2017: Nomination of Data Protection Officer
July 2017: Training. Security and data privacy training sessions to be put in place for all employees and contractors.
Process to notify controller without undue delay after becoming aware of personal data breach and document such breach.
Record of processing activities, including purposes of the processing, description of the categories of data and recipients, any transfers.
Provider contracts to ensure compliance with GDPR, and to make any necessary amendments; a review & update of our current company insurance coverages; to put in place the requisite processes; a periodic review and control.
Guarantees by processor to implement appropriate technical and organizational measures to ensure the protection of the rights of the data subjects & Update data protection agreements and appendices.
Identify cross-border data flows and review current mechanisms in place.
October – November 2017: Data protection by design and by default. Technical & organizational measures to ensure that, by default, only personal data which are necessary for each specific purpose of processing are processed. Implement data protection principles, such as data minimisation. Assessment of the impact of processing operations on the protection of personal data with advice of the DPO.
Now off to implement these wonderful concrete steps. Are you currently in the process of becoming GDPR compliant?
Tell us about your compliance journey and the biggest pain points of your experience so far on Twitter.