
What Is GDPR And Is Your Business Ready?

20 November 2017, 19:33 CET

When the General Data Protection Regulation, or GDPR, was first adopted last year, UK businesses could be forgiven for not giving it much thought. Firstly, there still remained more than two years before they had to comply with the new regulations and, secondly, the Brexit vote that followed shortly afterwards began to dominate corporate thinking.

If businesses have failed to give GDPR the requisite attention, then time is not on their side. The regulation will be enforced from May 25, 2018, at which point companies will need to comply with its many different rules regarding data protection.

What you need to know

Essentially, the GDPR greatly extends the scope of existing EU data protection law. Once it is enforced, all businesses that store or process data on an EU citizen must comply with the new regulations, even if they are based outside of the EU.

What's more, businesses that fail to meet the high privacy standards set by the GDPR could be subject to hefty fines of €20 million or four percent of worldwide annual turnover, whichever is greater.

However, although the looming deadline to comply with the General Data Protection Regulation may fill businesses with fear, it should also be viewed as an opportunity. The new legislation encourages organisations to create a clear and efficient data protection policy. This will not only ensure that they comply with the new rules, but will demonstrate to potential customers and clients that they have the utmost respect for regulatory standards.

Achieving compliance

GDPR brings in a number of new rules concerning data protection and it will be up to each individual business to familiarise itself with each new ruling and make sure that it is fully compliant. There is now a much greater onus placed on businesses to acquire consent for any data that they have on EU citizens. Even pseudonymised data may be subject to the new regulations, depending on how easily it can be attributed to a specific individual.

Data recovery also comes under the remit of GDPR and this is an area that is being neglected by many firms. The regulations state that businesses must have "the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident." This is partly because EU citizens will now have stronger rights to request access to any personal data being stored by a particular company.

If businesses do not think that they have the necessary resources to achieve GDPR compliance in time, then seeking assistance from a managed service provider could be just what they need. DRaaS from Sungard AS can help firms meet the disaster recovery aspects of the new EU law.

In fact, requesting help from specialised IT consultants is a worthwhile tactic for any business that has concerns ahead of the May 25 deadline. Many managed service providers have created specialist GDPR teams to guide companies through the GDPR transition. If you're not sure if your business is ready, it's not too late to ask for help.
