13 November 2018
As you may know, the European Parliament approved on 25 May 2018 the General Data Protection Regulation (GDPR), which came into effect with the intent of consolidating data privacy laws across Europe and protecting European citizens’ privacy in an increasingly data-driven world.
Indeed, the GDPR covers all companies that process the personal data of those in the European Union, regardless of where the company is located. This new law is strengthening data protection for citizens in the EU, as well as changing how businesses approach information security, data privacy and governance. This legislation is pivotal for businesses operating in Europe, mainly because GDPR seeks to introduce mandatory security notifications and to give citizens more freedom over how their personal data is used.
Moreover, given that data breach fines are about 4% of global turnover, it is quite important to expand our knowledge in this area and, therefore, to comply with it properly.
Consequently, the road to GDPR compliance is complex, but it can be achieved through some simple first steps:
Step 1. Develop company awareness of the legislation; help colleagues understand how it affects your business.
Step 2. Help the board understand the legislation and the resources required to transform how the organization handles Personal Data.
Step 3. Appoint a Chief Data Officer to drive compliance internally and, if required, a Data Protection Officer to assess the data protection requirement.
Step 4. Audit and review existing systems, procedures and contracts with suppliers and conduct an information audit.
Step 5. Assess privacy notices and procedures.
Step 6. Make sure you have the right procedures in place to detect, report and investigate possible security breaches within 72 hours (companies must notify individuals that their data was potentially compromised within 72 hours of realizing a data breach occurred).
These simple steps may help your company improve its information security, as well as better understand how information and data can be properly managed.