The new regulation will impact all commercial and public organisations that process personal data for EU residents. This is not limited to organisations within the EU; it also applies to global organisations that have an EU presence. Despite Brexit, the UK will still implement GDPR law.
GDPR will force organisations to take data management seriously, to ensure there’s accountability for the way personal data is handled, and in many cases to make sure they employ a Data Protection Officer. There will be some very tough penalties for not complying with GDPR: up to 4% of turnover or €20 million, whichever is greater.
To comply with GDPR you’ll need to know:
- Where you store sources of personal data
- Who owns that data, why it’s kept and how the data is used
- When the data was collected and for how long it needs to be retained
The adoption of GDPR is not a one-off project. New GDPR standards need to become a default part of how any organisation operates, so that all new systems and processes that involve personal data are designed appropriately from the start. Privacy by default and by design is something the GDPR regulators will expect, and if organisations are unable to demonstrate this, it will inevitably influence the level of fines imposed.
Whilst there are uncertainties, there are two core principles that are absolutely clear:
- Firms must respect the rights of individuals and do so in a transparent manner
- Firms must prove they are respecting those rights by implementing the best practices available today and improving on them as clarification of requirements emerges
Secur’s GDPR Advisory Service will evaluate your capability to satisfy the requirements of the GDPR and propose a roadmap to ensure your organisation becomes compliant with GDPR within a data governance framework. Our goal is to help you comply with GDPR and, as part of that, improve underlying capabilities to manage data. Whilst GDPR focuses on personal data, the capabilities you develop will enable you to manage other essential sets of data.
If an organisation receives a complaint or has a breach, the regulator will need to see evidence that data privacy has been taken seriously. Being able to show the regulator that you know where personal data is located, that you can respond to data subject rights, that you only keep personal data as long as needed, and that it’s well protected while you do keep it, will greatly improve your credibility with the GDPR regulator.
Why work with Secur?
- Our consultants are experts in data management and have successfully implemented governance in a wide variety of organisations.
- Our consultants have over 25 years of experience with regulatory data management, of which the last 18 months have been extensively around GDPR.
- We understand the need for cultural change for both GDPR and effective data governance and have extensive experience in organisational change and skills development.
- We have experience in consultancy and workshop management and can provide the capability to facilitate and develop a practical GDPR roadmap.