GDPR and Operational Reform
Data Protection was once the siloed concern of a company’s privacy team, but GDPR’s imminence has elevated data protection to a board-level issue, making it impossible to ignore.
Large, multinational companies can’t continue to implement the same flimsy operational processes and expect not to be penalized if/when they don’t work.
Any organization that holds data about or markets to people within the EU will be held accountable to GDPR compliance. As IBM Security Intelligence contributor Vikalp Paliwal aptly explains, “Fortune 500 businesses and others, beware.”
He further outlined GDPR’s primary goals:
- Ensure protection of the fundamental privacy rights of Data Subjects
- Update privacy laws so that they reflect and keep pace with the way the technology landscape has changed over the last 20 years
- Unify the 28 disparate privacy laws of the EU member states
A Dimensional Research survey found that 93% of businesses are challenged by data privacy. That figure is enough to send any CEO into panic mode over the negative implications of noncompliance, but luckily, OneTrust can help, and we’re here to reassure you that it’s going to be okay.
Here are a few of our recommendations for this pending regulatory behemoth:
- Be Educated
- Be Organized
- Be Accountable
- Be Consistent
Many resources offer workshops and webinars to help companies understand the significance of GDPR and its impact on data protection laws, or you can attend in-person events like IAPP’s GDPR Comprehensive 2016 (September 22-23 in London).
The U.K. Information Commissioner’s Office (ICO) shared some recent insight to help organizations prepare for GDPR in 12 steps, but it may also be worth combing through the GDPR fine print to look for relevant information that could affect your business.
Organization is essential for GDPR compliance. Compiling Privacy Impact Assessments (PIAs), Privacy Threshold Assessments (PTAs), and other documents and questionnaires in one central repository makes it easier to find and present data to regulators, thus sidestepping the last-minute, year-end form submission frenzy.
The privacy industry’s definition of “accountability” is a company’s obligation to report, explain, and provide transparency and traceability, all while identifying and documenting the measures your company is taking to comply with data privacy laws.
GDPR implementation, in and of itself, will enforce accountability, but depending on the size and maturity of the organization, you may need additional support. While it’s important to get organized, your ability to ask the right questions of the right people at the right time will play an important role in holding your company accountable for its actions.
Consistency is at the very heart of GDPR’s proposed system, with a view to simplifying and stabilizing cooperation procedures. Consistent regulatory reporting and communication is another crucial element of GDPR preparedness and compliance, and one that can be easily automated with the right software tools.