Do not mess with Data Protection Compliance

A recent survey indicates that up to 75 percent of Nordic organisations could be at risk of sanction under the new EU GDPR rules. Primary results: more than 52% have done nothing at all to prepare themselves for GDPR, and 36% were unaware of its existence.

General Data Protection Regulation (GDPR)
The existing EU data protection regime has not been changed since 1995. During the last 20 years, there have been significant advances in information technology, and fundamental changes to the ways in which individuals and organisations communicate and share information. In addition, cybercrime and hackers have had a field day with IP thefts, extortion and releasing confidential personal information. Given such developments, companies now have to get their IT security act together and adopt a somewhat different approach to implementing the new mandates of the EU Data Protection Directive.

Create a joint cyber and IT Security platform
The GDPR directive will create compliance difficulties for many businesses. In recognition of such challenges, management must consider the impact of the GDPR on their businesses and how a structured approach can even help them understand the business, create growth through structured data intelligence and perhaps even cut some IT costs, e.g. by identifying duplication, integrating IT processes and creating a joint cyber and IT security platform.

The GDPR security and data protection policies require entirely new roles and responsibilities to address the data and safety information system within the organisation, and to proactively monitor networks and identify any potential security threat in real time.

Find out how the GDPR, in general, will boost your IT, data and tech dealings:

  • How can the organisation reclaim some of the rights it has lost by sending its data beyond the EU and into the worldwide cloud – where the say over how the data is used is different?
  • How can the IT organisation seek redress when corporate data privacy is/was clearly violated?
  • Review all cyber, data and security leaks and pay particular attention to the data and IT challenges in handling personal data.
  • Document the required changes on how personal data is/will be collected, stored, accessed, disclosed and utilised to avoid the same leaks that cause irreparable reputation damage.
  • Evaluate the current organisational IT/Data setup, potential system upgrades, process changes, and provide all stakeholders with new implementation guidelines with a timeline and thresholds for IT governance and compliance.

Hire a dedicated Data Protection Officer
Companies are obliged to respond in the event of a data breach within 72 hours and to inform the oversight authorities and the users of data of a violation without any delay. The regulation further requires organisations with 250 employees or more to have a Data Protection Officer, responsible for ensuring compliance.

Once you have the above prerequisites in place, it is possible to start on the nitty-gritty of the GDPR directive.

We believe that you can avoid IT governance and compliance problems by participating in our certified GDPR course.