GDPR is a hot topic, and you may still have some questions. The forthcoming General Data Protection Regulation is often in the news, as is the question of how to ensure GDPR compliance.
A brief overview of GDPR (the new EU-wide data protection regulation which, in the UK, supersedes the Data Protection Act 1998) was also given in this article.
GDPR applies from 25 May 2018, and AIIM Europe’s research says only 6% of companies are fully prepared.
Staying ahead of GDPR is a process that requires early and continuous action. GDPR requires privacy by design, and privacy by design requires control over the data you hold. That is why one of our partners, Ricoh, has a list of GDPR questions you need to be asking yourself, and your clients, now.
7 GDPR questions to ask end users of data
1. What data do they hold?
2. What format is it in? For example, hard copy; and if so, are there plans to convert it to an electronic format?
3. If the data is in an electronic format, is it easily accessible?
4. What personal information is being stored?
5. Where is it held?
6. Who has access to it?
7. If the data is requested by a customer or employee, how will it be shared?
– Secure file share?
– Document access management?
– Secure printing?
– Secure archiving and document retrieval?
Under the GDPR, individuals will be “guaranteed free and easy access to your personal data, making it easier to see what personal information is held by companies and public authorities”.
The regulation aims to improve both the security of personal information and individuals’ access to it, and in the UK it supersedes the handling of personal data previously governed by the Data Protection Act 1998.
GDPR applies to organisations established within the EU. It may also apply to organisations established outside the EU if they process the personal data of data subjects in the EU, specifically where they offer goods or services to those data subjects or monitor their behaviour.
Previously, companies tended to pick whichever national regime suited them. If, hypothetically, Facebook wanted to use the personal data of people in Germany, where data protection law is stricter, it could simply set up a hub in Ireland and operate under Ireland’s rules instead. In summary, European data protection law is currently patchy and outdated.
For businesses, this means complying with a single set of rules rather than up to 28 different national standards. Non-compliant businesses risk fines of up to €20 million or 4% of the organisation’s total worldwide annual turnover for the previous financial year, whichever is higher. In each case, the penalty will be set to reflect the severity of the infringement.
Source: AIIM Europe, Our Collision Course with GDPR – Achieving Compliance Before It’s Too Late, © AIIM Europe.
iStock image used by permission of Ricoh Europe PLC.