Thursday 10 August 2017

The Impact GDPR Compliance Will Have Across the Entire Business Ecosystem
Insight on GDPR from BOHH's Becca Bauer

There is now less than a year for organizations that collect, use, or work with anyone handling data on EU citizens to put their policies in place to comply with the General Data Protection Regulation (GDPR), which takes effect in May 2018.

Although greater data protection is becoming more important than ever as our economies become digitized and the potential for breaches has become a daily norm, the burden of updating security policies and strategies to comply with GDPR can be overwhelming and take a considerable amount of time and resources. As companies scramble to integrate GDPR-compliant solutions into their data protection and collection strategies, this is likely to have profound impacts on how the entire business operates. Below are three ways some of the key changes mandated by GDPR will make an impact on organizations' entire ecosystem.
Reputation Damage and Strict Penalties
It is no secret that data breaches often bring negative press and a loss of trust among consumers, and while some of these breaches result in settlements, most until now have not carried financial penalties. One of the major impacts GDPR will have on organizations is the pressure of strict fines if a company is found to be in breach of GDPR or does not follow the proper procedures after a breach. According to the EU GDPR site (http://www.eugdpr.org), the new regulation provides for fines of up to 4% of annual global turnover or €20 million, which is enough not only to hurt a company financially but also to draw public attention to it for defying the law and the standard set of security and privacy regulations that organizations must comply with to ensure an individual's data is protected.
Approach to Data/Technology Management

Much of GDPR centers on how companies collect, store and use individuals' information. Under GDPR, companies must grant the individuals whose data they hold the right to be notified if a data breach exposes their information, the right to access their own personal data when they request it, the right to be forgotten, and the right to data portability. These new regulations will have a major impact on the strategies companies use to protect data privacy. This means organizations need to build more flexible architectures that let them readily incorporate innovative technologies and security solutions that meet these new requirements. However, this can quickly become expensive and complex, with updates such as legacy-to-cloud infrastructure overhauls and the addition of one or more products to enhance data protection.

Not only does this increase the cost of data privacy strategies, but it also calls into question how these processes are managed. Collaboration will be crucial when updating these policies. There needs to be coordination among the different departments in the organization, from the various IT teams handling how data comes in and out of the company to the marketing department that collects data for analytics purposes. Cross-team collaboration will be key to ensuring the whole company complies with GDPR, but it will most likely lead to a costly, complex strategy for updating data management across the whole company ecosystem, as well as a cultural shift in how employees approach working with data and sharing it with other departments.

New Leader on Your Security Team
For companies that operate on a large scale, it will become mandatory to add a new leader to the security team: a Data Protection Officer (DPO). This new team member must be an expert on data protection practices and must be provided with all the resources necessary to comply with GDPR and maintain their knowledge of the industry. This equates to increased costs for the business: a new salary for a senior expert, plus the new technologies and resources the DPO needs to carry out their job.

As organizations work toward implementing strategies to become GDPR compliant, it is important that they take into account the implications all these changes will have organization-wide. With the need for increased budgets, personnel and technologies, the effort to become GDPR compliant must take into consideration the impact it will have on the whole ecosystem and the amount of time and resources needed.
