Now that the GDPR has finally arrived, organisations must take the appropriate steps to ensure that they know where their sensitive data resides. The duty of care now rests fully on the business to meet the requirements of compliance. In this video, John Cassidy, Ground Labs' Global Sales Leader, gives a comprehensive presentation on the best strategies to help organisations deal with the GDPR.
Organisations that store personal data of any kind must report data breaches to the affected parties within 72 hours, fulfil Subject Access Requests within 30 days and, in addition, execute requests for the deletion of stored personal information (the Right to be Forgotten). The activities highlighted above are now essential for organisations to fulfil in order to achieve GDPR compliance. However, achieving compliance and maintaining it are two different tasks.
The GDPR has evolved from outdated data protection laws and adds updated and unified data security provisions. Many separate data protection ideals have been brought together in one regulation, a welcome step forward for data transparency in the European Union. With personal data becoming an attractive target for hackers looking to sell it on the dark web to the highest bidder, the updated data protection laws have been widely welcomed by industry. With high-profile scandals such as the Facebook and Cambridge Analytica incident becoming more and more frequent, the new EU law provides some solace for citizens who are concerned about the fate of their personal data.
John Cassidy suggests that the best way for organisations to achieve GDPR compliance is for all departments to act in unison. There is a common view that the IT department should be responsible for GDPR protocols, but this simply cannot be the case, because compliance, once achieved, must become common practice. The IT department, for example, cannot be expected to manage the data of Sales, Marketing and Finance. Inter-departmental cooperation is necessary to avoid data stagnation and to make certain that GDPR compliance activities become a regular part of day-to-day business practices. With all departments working together to manage the flow of information, the organisation as a whole will find itself functioning comfortably within GDPR-compliant parameters.
There are no quick fixes for GDPR compliance. Continuous monitoring is the only way to stay within the boundaries of the new legislation and not break the law. Where companies are processing large volumes of data each day, the duty of care falls on them to make sure that effective systems are in place to monitor and manage the information. If a GDPR regulator performs an audit and finds a myriad of sensitive personal data cast carelessly into a recycling bin and forgotten, or old sensitive information left archived on a disused database, they will not hesitate to penalise.
A commonly held view among individuals within the data processing industry is that a data tsunami is coming, and with the GDPR now in full effect, that time has never been closer. Organisations must take care not to fall victim to a massive data breach that could prove extremely costly, both in terms of finance and reputation.
Wherever sensitive data is being stored, it is imperative that organisations keep it in an easily accessible and carefully organised way in order to deal with any compliance-related queries in a timely manner.
Organisations that follow this best practice guide for regularised compliance activities and adopt the habit of interdepartmental cooperation will find that GDPR compliance becomes a part of their daily business. With this, the process of dealing with the GDPR will be smooth and easy, and the consequences of non-compliance will be avoided as a matter of course. Ultimately, the GDPR is about promoting data governance in organisations, so organisations that make compliance a part of their usual practices can rest easy in the knowledge that they are up to standard.
To watch the full video, please click here.