Do You Know What GDPR Means for Your Company?
“Are you ready for GDPR?” Companies on both sides of the Atlantic are asking this question as the EU’s new privacy rules come into effect. A more relevant inquiry, however, is whether they know what the rules require from them – and whether they’re taking the regulations seriously.
As recently as a few months ago – despite huge attention and countless articles – a study of Norwegian exeuctives showed that only 24 percent were preparing for GDPR. While that number has surely increased, it’s certainly not 100 percent. Business owners “have someone looking at the problem,” or they’re planning on implementing changes “sometime” after May 25.
To them, we ask this: Do you know that GDPR essentially forces you to know where every piece of personally identifiable information about EU citizens lives in your computer systems? Is that a requirement you can meet today?
Under GDPR, every EU citizen has the right to find out all the personal information you have stored about them within 30 days. Most companies think they know where it’s stored … but 80 percent of all data is hidden in unstructured form – Word® documents, emails, PDFs, etc. If you do not have a system to find the information, fulfilling GDPR’s right to be forgotten or right to data portability means a massive manual task … with every request. It’s time-consuming enough that some companies are considering establishing new departments simply to meet GDPR requirements. You must have a better plan.
Likewise, do you know GDPR’s requirements around reporting on potential security issues? If you’ve detected a breach, you must tell authorities and affected individuals what’s been jeopardized within 72 hours. Are you prepared to do that? Most companies aren’t.
We could continue with more questions like these, but the upshot is simple: Do not underestimate GDPR, or think it solves itself. Everyone who works with data on EU citizens – no matter where they’re located, or where the company is based – is affected. There are 80 new requirements. This isn’t crying wolf; this is a big deal, and you need to be ready. Now.