The power of digital transformation is now exponential. Most companies in the leading sectors are now becoming more digital. A no-brainer for the art of contrarian trading to profit from crowd behavior in financial markets. That is why, data is where the money is now.
Since data has become a form of currency, information held by businesses pose significant risk if stolen and abused. Good thing, the European Union came up with GDPR or General Data Protection Regulation and it will come into effect in May 2018.
What is GDPR and who does this legislation affects?
It is a ground breaking and non-directive privacy law in the world. It aims to strengthen and unify the export of data protection for all individuals within and outside the European Union. It affects worldwide businesses and organisations who collects and processes data of EU residents.
What are the penalties for non-GDPR compliance?
Organizations will have sanctions and can be fined up to 4% of the worldwide turnover or €20 Million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order, not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors. Therefore, clouds are not exempt from GDPR enforcement. - EUGDPR
What should you do to avoid it?
There’s a saying prevention is better than cure. So, how do you prevent getting sanctioned or penalized? Start by having awareness. Key people should be aware of the law, understand and consider its impact in order to come up with solutions.
2. Create Data Governance Program
From small, medium, and large companies, all organizations should design systems and implement appropriate privacy policies and solutions.
3. Breach notification
During a data breach, processors must notify every customer and local DPA or Data Protection Authorities within 72 hours.
4. Subject Access Request and Drop Information
Consumers have the right to get consent from the data controllers. In the same way, when the data is no longer relevant to its target, they can have their data deleted.
5. Data Portability
Allows consumers to obtain and reuse their personal data across different platforms.
6. Duty of documenting
You should document what personal data you hold, where it came from and who you share it with.
7. GDPR audit
Risk assessment are very important and mandatory. Analyze your security program if it’s protecting data information. You need to organise an information audit here.
As Helen Rabe once said, “GDPR isn’t going away. If you want to stay an active part of the digital ecosystem, and ensure your reputation and revenue generation is in-line with these demands, you will need to respect the notion that data regulation is key to success.”