12 reasons GDPR will impact the whole of your business and not just IT
Independent project, systems and risk expert who enjoys hel
The clock is already ticking towards May 2018 when the EU General Data Protection Regulation (GDPR) comes into force. Whilst there is increasing awareness of what is needed within the management board, is there a possibility that the responsibility for implementation will simply be delegated to IT again as another piece of technical compliance work to deal with?
If this happens, a major opportunity to create significant business value through more unified and robust data management will be lost, and there is a very real risk that fundamental compliance requirements will not be met.
1. Management boards are accountable for breaches of the regulation within the business, with penalties of up to 4% of last year's turnover and the associated reputational risk.
2. GDPR is a major opportunity to digitally transform the business, enabling it to compete more effectively in the new digital economy.
3. The sheer scope of the changes needed across the whole business requires a robust programme management approach and strong boardroom leadership.
4. Data protection methods have to be integrated into all business processes, which need to be redesigned to reflect this and the associated opportunities.
5. The business must formally record why, who, what, when and where personal data is being processed, and the legal basis for doing so.
6. Responsibility for data now extends to all off-site processing: when data leaves the business or is shared externally, the responsibility remains with the business.
7. The regulation relates to data which is ultimately and only owned by the business, so strong data governance is essential.
8. A significant number of cloud-based applications, sometimes introduced by business-driven shadow IT, may not be compliant and will need to be updated.
9. There are stricter requirements for protecting the business from the threat of cyber-attack, and a need to notify the authorities of such breaches within 72 hours.
10. The business must be able to demonstrate compliance, with some aspects explicit in the regulation and others implied.
11. Businesses are responsible for assessing the degree of risk their processing activities pose to individuals.
12. Someone within the business has to take responsibility for data protection compliance and, if necessary, a formal Data Protection Officer role must be implemented which reports directly to the highest management level, such as the management board.
To discuss these challenges further and their relevance to your own business, please contact Robert directly at firstname.lastname@example.org to schedule a completely confidential and no-obligation discussion.