On 25 May 2018, the EU’s General Data Protection Regulation (GDPR) comes into effect. It is predicted to force organisations into a radical shake-up of their data protection practices, with businesses facing heavy fines for non-compliance. Experian’s recent GDPR survey finds, however, that 48 percent of businesses admit to not being ready for GDPR and are only in the early stages of preparation.
The purpose of the new regulation is to shift control of EU citizens’ personal data to the owner of that data, and while it will affect organisations across the whole of the EU Zone, companies outside the EU will also have to meet GDPR requirements if they want to use data from customers within the EU. The UK has committed to fully implementing GDPR in May 2018.
It’s worth businesses remembering that many of the GDPR’s requirements for securing data and preventing breaches will be similar to those needed to meet other data control and compliance regulations (legal and corporate) – for example, the ISO 27018 cloud privacy standard. However, many businesses are going to have to make significant changes to the way they store and manage data.
GDPR doesn’t prescribe specific data protection technologies, but rather procedures that organisations should follow. Companies will, therefore, be talking to their IT providers about core data security solutions to be able to meet the process requirements.
Advising customers to consider looking at personal data within four key areas can be helpful:
- Location – identifying where personal data is held across the business is a first vital step
- Governance – to evaluate existing processing activities and establish gaps in meeting GDPR requirements
- Security – a security and protection audit
- Reporting – to be able to meet data request, breach, and accountability requirements
An IT or managed services provider must also ensure their own organisation is fully compliant and ready for the new regulation. And whereas previously it was only data controllers who were responsible for information, data processors now bear the burden of responsibility as well. This means that service providers will have to ensure they are meeting GDPR standards as processors of their clients’ data.
GDPR is set to have a major impact on businesses across the UK, which will be looking to their IT providers for support. We’ve therefore:
- Created an eBook, GDPR: A Guide for Vuzion Partners, which looks at GDPR requirements, examines in more depth the four key areas businesses should consider, and reviews the IT solution provider’s role
- Organised a webinar, 10 questions your customers should answer about GDPR, on Thursday 22 June, 10-10.45am, to be hosted by independent GDPR Implementation Consultant Pierre Westphal.
We’re also creating a content hub where we’ll be posting the most useful and relevant articles published generally, as well as producing our own pieces, such as the eBook.
Michael Frisby, Vuzion MD, says, “The countdown to 25 May 2018 is well underway, but there is still time for businesses to implement the necessary solutions and processes to meet the new regulations.
“If they haven’t already, every business does need to begin planning now, though, as the directive will require significant change to the management and processing of personal data. Businesses will be turning to their IT providers for guidance – and at Vuzion we are in turn here to support our partners.”