There’s no escaping it – the General Data Protection Regulation (GDPR) is coming and no matter what part of a business an employee works in, be it HR or marketing, legal or IT, it will affect them and have an impact on the working day. If you handle, hold or use personal data – whether it’s employee details, customer or prospect information – GDPR will bring change to your working practices.
With just over a year to go until the GDPR applies (from 25 May 2018), businesses within the EU, as well as global firms operating in the EU, must become compliant with the regulation before it's too late. It is essential that businesses understand what this means for their operations, especially if they are reliant on personal data. They should view this as a data detox, helping them complete their journey to good data health and long-term business prosperity.
Are you prepared?
Despite the impending deadline, the obligation on businesses to strengthen their data protection practices for the storage and processing of personal data, and the severe financial penalties[1] for non-compliance, new research[2] from Kaspersky Lab found that one in five (20%) IT decision makers still has little or no awareness of the GDPR. Yet this is a group that will have a central role in helping organisations prepare.
The research highlights how some IT departments feel overwhelmed by the new requirements and lack confidence in the ability of their organisation to comply. While some organisations have been preparing for the GDPR for years, others are playing catch-up. But the regulation doesn’t have to be a burden, and IT departments shouldn’t feel alone on the journey towards good data health and GDPR compliance. The pressure is also on all business functions to make the change together.
Whilst legal and information security teams, and those at the top, might have the bigger-picture response to the GDPR in hand, those on the front line of data handling across other areas of the business might not be so prepared, or even understand what's expected of them. Utmost clarity about responsibilities and requirements from the outset, from departments down to individuals, will make this a smoother transition for businesses.
Many see the GDPR as an opportunity to become more empowered to drive change and help their organisation on a path towards good data health. However, approaching GDPR at a departmental level can only be achieved by making small, but significant changes which all come together to ensure businesses are fighting fit for 2018.
Time to assess your health
With so many factors to consider, it is essential for businesses to assess the current health of data across the organisation, to effectively apply the relevant advice and tools available to them on how to address key changes that will affect them. It is important for businesses and individual employees to understand what good data health looks like and why it’s good for their business. Good data health goes beyond compliance as it is also integral to the long-term success and well-being of any company.
The task ahead might look daunting, but businesses and individual departments are already making good progress in getting their data health in order. Organisations must start by understanding the requirements of GDPR – guidance on this can be found on the ICO website. However, to help get them over the line and keep the business running at peak condition, habits that contribute towards the security of personal data need to be strengthened and maintained across the board.
Kaspersky Lab would recommend the following five-step data fitness plan[3] to achieve good data health:
- Go the distance – There is no long-term reward in taking a half-hearted approach to getting your business GDPR-ready. Future proofing new procedures is key. It could cripple your business if the right steps are not taken now.
- Nominate a coach – Each department needs someone to bring it all together and keep everyone on track and to plan.
- Clear your mind – Achieving departmental and organisational change requires an open mind and willingness to change processes for the long-term health of the business.
- Train regularly – Data protection policies need to be regularly updated and clearly communicated to all departments, staff and suppliers.
- Work with a personal trainer – Third party support will not only help you to stay on track but help you maintain good data health moving forward.
Through careful planning and a proactive approach, businesses can achieve GDPR compliance and get their data in order.
[1] Up to 4% of annual global turnover or up to €20 million (whichever is greater)
[2] Research conducted for Kaspersky Lab by Arlington Research in April 2017. Over 2,300 IT decision makers from across Europe, within companies of 50 or more employees, were questioned about their views and awareness of GDPR.
[3] Kaspersky Lab Whitepaper, 2016, Bearing the burden of GDPR
Sourced by David Emm, Principal Security Researcher at Kaspersky Lab