A Few Ways to Get Started with GDPR Compliance
June 22, 2018
By Paula Bernier, Executive Editor, TMC
It’s been about a month since the European Union’s General Data Protection Regulation took effect. If you’ve been following the GDPR action (or inaction), you know that many organizations are confused about and have not yet achieved compliance with these new rules.
The Ponemon Institute suggests that nearly half of the 1,000 organizations it surveyed in April would miss the May 25 compliance deadline. Interestingly, a good share of those organizations are in the tech sector.
GDPR aims to protect the data and personal privacy of individuals in the EU. It does that by setting strict requirements about how organizations that touch that data interact with and secure it. That includes both organizations within the EU and elsewhere in the world.
There are a few things that organizations impacted by the GDPR may want to tackle first.
That includes understanding and educating their teams and customers about who’s responsible for what under GDPR. Appointing a data protection officer, which is a requirement for organizations that do “regular and systemic monitoring of data subjects on a large scale,” is one of those things. These leaders can act as the point people to help organizations understand and comply with GDPR requirements.
And they can head up initiatives to educate consumers on their responsibilities under GDPR. These offices can help organizations formulate statements that clearly express consumers’ option to opt in or out of data collection at any time. They can communicate to organizations and consumers that customers have the right to restrict the use of or entirely erase the data handled by businesses too. And they will be in charge of making sure that happens.
Organizations and their data protection leaders also must comply with the GDPR’s new mandatory breach reporting rules. They require the disclosure of breaches to impacted parties within 72 hours of becoming aware of them.
Edited by Maurice Nagle