Skip to main content

GDPR: What to do Between Now and May 25th

By: Gregg Petersen, Regional Sales Vice President, Middle East & Africa, Veeam Software

You’ve probably heard a lot about the new EU General Data Protection Regulations (GDPR). And that’s understandable. The run up to it has been a long, drawn out process – beginning way back in 2012, when the European Commission proposed a comprehensive reform of the 1995 data protection rules. These proposals turned into plans, and now these plans are finally hurtling towards us at breakneck speeds. After all the talk, commentary, advice and debate, the grace period for the new regulations is coming to end (May 25th 2018) and penalties are just around the corner.

In the grace period we’ve had, there certainly hasn’t been a lack of information about what people should expect from the new regulations. But the sheer amount of literature surrounding it can be justified when considering the size of its effect.

The new GDPR will have a profound impact on all organisations that are responsible for processing and storing personal EU citizen data. And in today’s borderless digital world, this means businesses beyond Europe will be affected. Indeed, any business that deals with a partner in Europe will be subject to the rules.

Remember, the fines are colossal: up to 4% of annual global revenue, or EUR20 million – whichever is higher. So, with just weeks to go, it’s worth making sure your business is prepared. In fact, it’s worth double, triple and quadruple checking your business is prepared. The risk of non-compliance and the resulting fine is too great to take your chances on.

With that in mind, here are just a few things you should be looking out for in the final countdown.

Make sure everyone is aware

Some businesses and organisations are appointing, or have appointed, a designated Data Protection Officer in the run up to the launch of the GDPR.

Even if some are a little behind the curve, this is smart thinking, as not only can a DPO be a useful expert, they can also be a GDPR advocate – getting the entire company on board with GDPR best practice. Moreover, they’ll be able to recommend the right kind of tools to bring on board that will aid with data backup, in the event that the business is attacked.

But even for those businesses who aren’t making a DPO hire, it’s worth remembering that the GDPR is a company-wide issue. This means you should be making sure that all the key stakeholders in your organisation have a solid understanding of the implications and requirements of the new regulation and how it will affect their own processes.

Conduct a data audit

By now, every business should know what personal data it holds, where it’s stored, how, and where it came from. They also need to know why they’re holding it and how they came to have it. Any or all of these questions might be asked by local GDPR enforcement agencies.

If you’re one of the businesses that doesn’t have this level of data knowledge, it’s time to get a hurry on and answer the questions about your data. Come May 2018, you will need to justify the legal basis behind your data processing activities. The authorities are not going to be lenient on businesses that suffer breaches and are unable to back their data hosting up to ensure its safety. The fines are real, and soon enough there will be an example that proves it.

Review personal privacy rights

One of the big changes the GDPR is bringing about is greater citizen rights when it comes to data. To put that into context, over the past three years, Google received 2.4 million requests for the deletion of search engine results – that number is going to rise rapidly when people understand more about their right to be forgotten.

Beyond being forgotten, people will also be able to access data, or to request it for themselves (in a format they can digest). To ensure this right doesn’t become a time sink for your organisation, you should make sure you have a way to tag the location of each data point so you can access it when necessary. It’s a small change that could yield big time dividends.

Have a plan for data breaches

Under the rules of the GDPR, organisations must report data breaches within 72 hours of discovery. That doesn’t leave long, especially when you consider that the hours after a breach will be a fraught time, with lots of different investigative and firefighting activities going on.

As such, it’s key to make sure you have the right plans in place, which will allow for the detection, reporting and tackling of a data breach, should one happen.

Here, additional reporting software can help. Tools which allow businesses to add clarity to the location of backup repositories can save time with compliance reporting. And, should data become unavailable because of malware, recovery software can easily make data available again.

Keeping improving

Of course, it’s good to have plan, but it’s even better to leave room for continued improvement. Particularly where the availability, quality and safety of data are concerned; and when data is fast becoming the most prized asset of our time.

Considering the fast-paced world we live in, it’s likely that the digital landscape will change in the coming years – even more so than the last decade. As such, it pays to be able to evolve with the times and to test, trial and evolve with technology. The GDPR doesn’t end on May 25th. It only just begins.


Popular posts from this blog

Cloud Computing powering India’s priority of ‘Digital-first country’

By: Sunil Mahale, India MD and VP, Nutanix
Digital transformation has been recognized as being vital to the growth of our nation. This transformation has enjoyed the unanimous approval and contribution from all stake holders including enterprises, MSMEs, government bodies and citizens. But this level of adoption in a country with a population of over a billion people would need a robust technology base that is capable to collecting and distributing vital data seamlessly.
Digital India envisions creating high speed digital highways, that will impact commerce and create a digital footprint for every individual. Technologies based on mobility, analytics, Internet of things and most importantly, cloud technologies are the building blocks for the digital India missionThere is a growing need to manage huge volumes of data, and making them readily available to public through digital cloud services. Cloud has a pivotal role in enabling this change.
While Data centers have become crucial to th…

RevStart launches its RevItUp Incubation Programme

Underlining its vision of creating a nurturing ecosystem for start-ups to grow in, RevStart, a co-working and incubation centre, has announced the launch of its RevItUp Incubation Programme. The 12-week long programme will be held at RevStart Incubation Centre in Noida from July 1, 2018 onwards. As part of the programme, RevStart will select five high potential start-ups from the ed-tech sector, AI, Consumer Internet, Sustainability, as well as for-profit social impact companies to assist them with developing their business, along with connecting them to global mentors across industries and sectors. In addition, start-ups selected for the programme will receive INR 5 lakh to Rs. 25 lakhs worth of cash and benefits, while RevStart will get an equity stake in the ventures.
The RevItUp Incubation Programme has been created to enhance the founding team’s industry, product, and company building knowledge and capabilities through a world-class curriculum. The programme will focus on tailor…

Insurtech startup Kruzr raises $1.3 Million from Saama Capital and Better Capital

InsurTech startup Kruzr has raised 1.3 Million USD (Rs. 9.5 Cr) for its seed round led by Saama Capital with participation from Better Capital. Kruzr is a preventive motor insurance technology which helps insurance companies personalize policy premiums & improve their risk model by delivering an engaging preventative driving assistant to their customers. Kruzr is founded by Pallav Singh, Ayan, and Jasmeet Singh Sethi.

Kruzr blends the power of voice technology and artificial intelligence in its personal driving assistant that helps drivers minimize mobile distractions, drowsy driving, speeding and external risks like weather and accident-prone zones. In pilots with insurers, Kruzr managed to cut down distracted driving by 80%. Kruzr is working with motor insurance companies in Europe, UK and India to bring its technology to their customers to prevent accidents & improve claims.

“Road accidents cause over 1.3 million deaths globally every year, and motor insurance companies los…