GDPR Readiness: Compliance Deadline Looms, Confusion Remains
With Europe’s General Data Protection Regulation set for prime time on May 25, 2018, network security provider WatchGuard has produced a study looking at how well organizations understand the law, its impact on their business, and their readiness for the compliance deadline. Bottom line: any company that stores or processes personal information about EU citizens must comply with the GDPR’s privacy rules. The study’s results show that organizations still lack a clear understanding of exactly how it applies to them. Do they realize they’re adrift in treacherous waters? Penalties for noncompliance are steep: up to four percent of annual global turnover. Maybe yes, maybe no. Some 44 percent of respondents don’t actually know how close their organization is to complying with the law.

1. Who knows? 37 percent of organizations don’t know whether they need to comply with the GDPR, while 28 percent believe their organization doesn’t need to comply at all. Of the organizations that don’t believe the law applies to them, 14 percent collect personal data from EU citizens. Some 28 percent of those that are unsure about GDPR compliance also collect this type of information. In the Americas, just 16 percent of organizations believe they’ll need to comply.

2. Who’s ready? Despite knowing about the GDPR for a while, only one in 10 companies said they’re 100 percent ready for it.

3. Getting there: 86 percent of the organizations that recognize they need to comply with the GDPR believe they have a compliance strategy in place, built on firewalls, VPN and encryption technologies.

4. Work left to do: 51 percent said their organization will need to make significant changes to its IT infrastructure in order to comply with the GDPR.

5. The pressure is on: respondents from organizations that are not yet GDPR compliant figure it will take them seven months to get the job done. About 48 percent are looking to third parties for help.
Every company with access to data from European citizens needs to understand the GDPR and its impact, said Corey Nachreiner, WatchGuard CTO. “Unfortunately, the data shows that an alarming number of organizations are still unaware or mistaken about the necessity for GDPR compliance, leaving them three steps behind at this stage,” he said. “The only way to prevent unnecessary fines and frustration is to take a good hard look at the criteria, assemble a GDPR plan of action and begin implementing it immediately.”
The GDPR Overview
You’ve probably heard mention of the GDPR, and likely have many questions about its scope, implications, and potential effects, both on your own business and on the domain industry as a whole.

What is the GDPR?

The GDPR lays out a new set of rules for how the personal data of people living within the EU should be handled. Clear, informed consent and individual control over the use of personal data are basic rights under the GDPR. Any business collecting personal data must not only obtain consent, but also explain what it needs the information for. The GDPR also imposes requirements on how companies must respond to security breaches that expose sensitive personal information.

What is the purpose of the GDPR?

The GDPR helps protect individual privacy in the digital age. The European Union views the protection of personal data as nothing less than a fundamental human right, alongside other rights such as freedom of expression, freedom of thought, and the right to a fair trial. Although other privacy laws are already in effect, the GDPR is different in its scope of applicability and because significant fines may be levied for non-compliance.

When is the GDPR going into effect?

The GDPR replaces the 1995 EU Data Protection Directive, harmonizing privacy laws across the EU. Once it comes into effect on May 25, 2018, it will be law in all EU member states.

How will the GDPR impact your business?

You have customers who live in the EU. You now need to ensure that you’re obtaining permission from these customers to use their personal data, and meeting the updated requirements surrounding its handling. Before the GDPR comes into effect in May 2018, you’ll want to make sure you’re compliant. While the rules outlined in the GDPR apply only to EU-local individuals.

How should you prepare for the GDPR?

It’s important to get started now so you’re able to fully understand the implications the GDPR could have for your business, and plan effectively to meet the updated requirements.

How is OpenSRS preparing?

We already store your data securely, but we’re doing some internal review to see how we can strengthen our protections to keep information safe. We would like to reinforce this point: Tucows does not share personal data beyond what’s needed to provide the service that the client ordered.
The GDPR will cause challenges for connected care developers
According to a new research report from the IoT analyst firm Berg Insight, the implementation of the General Data Protection Regulation in 2018 will cause challenges for companies in the telecare industry. Telecare and telehealth apps and devices potentially generate huge amounts of data that could be used for various purposes. Today, data is increasingly used to help patients without requiring the patient’s own active involvement. This includes various kinds of health data as well as user location and movement data, which can be used to detect abnormalities. If a user deviates from their routine, for example by not getting out of bed or going to bed at the usual time, a notification can be sent to relatives or caregivers.

Legislative authorities in the EU are developing legal frameworks intended to keep pace with the data-driven world of mobile health. As part of this, the European Commission will in 2018 implement the General Data Protection Regulation, which aims to harmonise data protection rules across the EU, ensuring legal certainty for businesses and increasing trust in eHealth services through a consistently high level of protection for individuals. The GDPR aims primarily to give citizens and residents control over their personal data and to simplify the regulatory environment for international businesses by unifying the regulation within the EU. When the GDPR takes effect, it will replace the Data Protection Directive; it becomes enforceable from May 25 next year after a two-year transition period. It does not require national governments to pass any enabling legislation and will be directly binding and applicable.

“While the future is data driven, end-users do care more and more about integrity aspects. The GDPR aims to increase privacy for the end-user, which is a step in the right direction. The regulation by default actually prohibits processing of health data unless explicit consent has been given. At the same time, this will cause challenges for those telecare and telehealth solution providers that are not proactively working on their preparations. If the solution providers are not sufficiently prepared for handling, processing and storing sensitive data in accordance with the GDPR, they could risk heavy fines for not fulfilling the requirements,” says Anders Frick, senior analyst, Berg Insight.