The EU’s General Data Protection Regulation (GDPR) is an important piece of legislation, yet even though the deadline has passed, some organizations are still underprepared.
The industries most affected will be those that collect large amounts of customer data, including technology companies, retailers, healthcare providers, insurers and banks.
As of April, according to a CompTIA study, "A full 52 percent of 400 U.S. companies surveyed are either still exploring the applicability of GDPR to their business; have determined that GDPR is not a requirement for their business; or are unsure."
GDPR is a new set of rules designed to give EU citizens more control over their personal data. The reforms, which have been in the making for a few years now, bring laws and obligations around personal data, privacy and consent to protect citizens.
Data breaches happen every day: Information gets lost, stolen or released into the hands of people who were never intended to see it.
Under the terms of GDPR, not only do organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are also obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners, or face penalties for not doing so.
If you haven't prepared, don't worry. There are still things that you can do today to be in compliance.
- Get senior management on board and create a steering committee.
- Hire a data protection officer to comply with the legislation.
- Work with your legal team to determine what the regulation means, and how it should be interpreted with your country's law.
- Do a risk and gap analysis, which includes reviewing all contracts.
The good news is that advanced PIAM solutions bridge the gap between policy and process by employing policy-based automation, deep systems integration and strong auditing capabilities to help organizations comply with the main requirements of GDPR more effectively and efficiently, enabling them to do business in Europe or with EU citizens without fear of incurring fines or other penalties.