Be prepared

Be prepared

The General Data Protection Regulation comes into effect in a few months. Is your business prepared, Curt Gauci asks.

The countdown has started as less than four months remain until the General Data Protection Regulation (GDPR) takes effect.

The extended EU data protection laws come into effect on May 25 and it will affect all businesses in some way or other.

If you want to be certain that your business is going to comply – while avoiding the potentially hefty financial penalties that failing to comply to this new regulation is going to bring with it – then the time to start preparing is now.

Compliance with GDPR means that all companies will have to alter their data security practices to some degree or other. If your business collects, manages or handles personal data in any way, it’s highly likely that you’ll have to comply with the new GDPR.

The definition of what constitutes personal data has also widened. What does this mean for your businesses? It means internal IT security systems and policies will require change in some way or form.

Identify and map out those areas which will have the greatest impact on your business model

The systems used by businesses to create, store, analyse, share and manage data can be spread across a wide array of IT environments, from personal devices, on-premises servers and cloud services to even the Internet of Things. Cyber security, data privacy and data breaches will need to be top-of-mind.

The overriding question is whether data is at risk and which practices and technologies will effectively reduce those risks.

The law imposes new rules on companies, government agencies, non-profits, and other organisations that offer goods and services to people in the European Union, or that collect and analyse data tied to EU residents. The GDPR applies no matter where you are located.

The GDPR also puts a strong emphasis on transparency, security and accountability by data controllers, while at the same time standardising and strengthening the right of European citizens to data privacy

GDPR introduces new elements and significant enhancements which will require detailed consideration by all organisations involved in processing personal data. The new regulation contains many requirements about how you collect, store and use personal information. Some elements of GDPR will be more relevant to certain organisations than others, and it is important and useful to identify and map out those areas which will have the greatest impact on your business model.

Start the journey

Carry out a review of all current or envisaged processing in line with GDPR.

Outline the new obligations under the GDPR which will apply to your organisation.

Map the gap that exists between your existing state of compliance and the standard required under the GDPR.

Outline the changes you would need to make to achieve compliance with the GDPR, prioritise these changes, quantify the cost and create a roll-out plan with timeframes.

Curt Gauci is a director and co-founder of Kinetix IT Solutions, a local leading IT systems integrator. Kinetix are HP, Cisco, Microsoft, Kerio, Trend Micro and Symantec certified partners.

Comments not loading? We recommend using Google Chrome or Mozilla Firefox with javascript turned on.
Comments powered by Disqus