Characteristics of a Responsible Lift-Off of the General Data Protection Regulation (GDPR) implementation.
The timeline and milestones for the EU General Data Protection Regulation require that companies throughout the EU address the significant challenges of handling personal data before the General Data Protection Regulation (GDPR) goes live. The new GDPR regime cannot be translated automatically into the organisation's current IT platforms and data structures. Only once stakeholders have worked out how data is currently collected, stored, accessed, disclosed and used do the real difficulties in complying become apparent.
All companies are forced to make up for 20 years of EU passivity on cyber laws; data protection, disclosures and controls are all expected to be updated and implemented within the next 1½ years.
The existing EU data protection regime is based on the 1995 Data Protection Directive (95/46/EC), which is now updated by the GDPR. The updated regime requires significant advances in information technology for companies to comply.
IT and data stakeholders in the enterprise must first reflect on the fundamental changes in IT communication, data sharing, cloud, IoT, data and cyber developments, etc. The various EU member states cannot adopt different approaches to implementing the General Data Protection Directive in the future, so there will be uniformity between the countries in which the business operates.
Scope and magnitude of the entire project
The vision and cognitive capabilities brought by the GDPR launch will allow corporations to absorb the regulatory changes, manage risks, understand the governance obligations, and close gaps in IT systems and practices to address GDPR compliance requirements quickly and efficiently, provided that current systems and processes are documented and known.
If current systems are not properly scanned and recorded, the GDPR can create IT governance and compliance difficulties for many businesses in recognising how the regulation's data protection requirements interact with all of their IT applications, which must comply before May 2018.
Many companies have started to dive head first into the changes without an introductory internal workshop to determine the strategy and assessment that define the obvious gaps before rolling out the GDPR compliance process. Others are waiting for guidance on the impact of the GDPR on their businesses. Even fewer organise an IT Security Day to get all stakeholders aligned on what they should be doing right now to avoid major IT, data and reputational problems upon implementation.
Obligations to respond in the event of a data breach.
The regulation requires organisations with 250 employees or more to have a Data Protection Officer, responsible for ensuring compliance. The most extreme consequence is that companies can be fined up to €100 million or between two and five percent of their global turnover in the event of a breach of personal data. Companies are also required to inform the authorities of a data breach within 72 hours and to inform affected users of data breaches without any delay.
The GDPR security and data protection policies require entirely new roles and responsibilities to address the data and information security systems within the organisation, to proactively monitor their networks, and to identify any potential security threat in real time.
High on the corporate IT strategic agenda.
Preparation for the implementation of the new legislation is essential. The implementation groundwork must include a review of the current organisational setup, potential system upgrades and process changes, and must provide all stakeholders with new implementation guidelines, a timeline and thresholds for IT governance and compliance.
The liability, penalties, lawsuits and possible reputational damage in case of a breach or non-compliance make GDPR data protection a boardroom issue. Boards of Directors in most organisations now seriously consider how to ensure compliance with the GDPR, cyber security and data security, and the topic ranks high on the strategic agenda.
To learn more about GDPR implementation and preparedness attend the GDPR seminar on the 9th February 2017 in Copenhagen. http://www.copenhagencompliance.com/gdpr/.