The EU General Data Protection Regulation (GDPR) will come into effect on 25th May 2018. Companies not complying with the new legislation will be prosecuted and face huge fines. Every business is affected, and all companies will have to comply with the new law. Areas that will be particularly under scrutiny will be:
- Data Security
- Data Integrity
- Accessible Personal Data
- Data Classification
- Data Retention and Preservation
- Disposal and Defensibility
All personal data collected (i.e. HR data, payroll, customer data etc.) will have to be monitored and kept securely. A defined purpose for which the data is kept will be needed, and the data will also need to be accurate and up to date.
Do you have a data controller? If you have over 500 users it will be a requirement to have a data controller to monitor and manage your data on a day-to-day basis; this can either be internal or outsourced. Additionally, all data breaches have to be responded to within 72 hours of identifying the breach and have to be reported to the regulators (e.g. the UK Information Commissioner’s Office).
How it affects you
In short, if the terms are not complied with you will face either a fine of 5% of your global turnover or 20 million euros (whichever is greater).
What you need to do
To meet the new requirements there is a variety of action that needs to be taken; each company will vary, as every business is at a different stage with its own data protection rules. Common actions that need to be taken are as follows:
- Hiring a data controller or outsourcing
- Increase data security
- Review of archiving process
- Review of data management processes
How we can help
At S3 we can help with the entire process, from road mapping a plan to ensure you’re compliant with the new regulation to conducting a data audit to see where you currently are and what your potential risks are. Our experts will be happy to set up a call to run through everything with you and agree what action needs to be taken.
We have several partners focussed on meeting the new EU GDPR legislation; these range from security vendors such as Varonis and HDS, amongst others, to data management vendors such as DELL EMC and Veeam. As a vendor-agnostic organisation we will work with you to find the best solution to meet your requirements.