With the implementation of GDPR just around the corner, a major cause for concern is the number of organisations who do not know about the regulation and the effects it will have on their business.
This is reflected in a recent survey where 1 in 3 business leaders admitted that they had never heard of GDPR. Forrester have also predicted in their latest report that come May 25th 2018 up to 80% of firms will not fully comply with GDPR. With this in mind we have crafted a blog with 5 things that you may not know about the new regulation that you will need to if kicking off a GDPR project.
Identifying the personal data you hold and where it is stored is paramount to ensuring GDPR compliance. 68% of CIO’s believe that pinpointing this data is going to pose a real problem due to the complex nature of modern business, with personal data storage and processing being a daily part of working life within most departments.
The issue of consent has been one under constant debate for quite some time now, raising all kinds of issues for many industries and departments – particularly the field of marketing. Following the introduction of GDPR in May explicit consent will become a mandatory requirement. Organisations will need to seek ‘specific, informed and unambiguous consent’ from an individual before processing their personal data.
When the new regulation comes into effect businesses will have just 72 hours to notify their Supervisory Authority of a data breach aswell as affected data subjects and they must do so without undue delay.
This is a drastic difference compared with the non-existent breach notification requirements under the current data protection directive. To put this challenge into perspective, it can currently take many organisations up to 197 days to discover all of the material facts relating to a data breach.
Many organisations will now need to appoint a Data Protection Officer (DPO) in order to comply with GDPR. However, there is a real outcry for DPOs as they are in short supply. It is predicted GDPR will require around 28,000 of these specialists around Europe.
If your organisation depends on cloud based applications to conduct business, you will need to look into the compliance of these platforms with GDPR as these may pose a risk to your organisation’s compliance status. In July 2016, 98% of cloud based apps were not GDPR ready.
GDPR poses a great amount of non-compliance risk to many organisations globally who actively target the E.U market. If you’re interested in reading more of our blogs on GDPR topics you can find out more here.
Did you find this blog helpful? What are your main causes of concern with the introduction of GDPR?