Whitepaper
GDPR: Time to Act
Technology for Business
25th May
e. hello@novi.ie t. +353 (0) 1 621 8633 novi.ie
The EU GDPR (General Data Protection Regulation) comes into law on 25th May 2018. This may feel like a long way away, but the obligations contained in the regulation are onerous and businesses need to be getting ready now! The regulation will be applicable immediately once the date arrives, so businesses are being given plenty of notice to get systems and processes in place so that they are compliant.
So what’s the GDPR all about?
The GDPR introduces stricter data protection rules for organisations that operate in the EU market and process or hold the personal information of EU citizens. The GDPR is designed to increase the privacy of individuals and protect their personal data. Hefty penalties may be imposed on companies that experience data breaches, with fines of up to €20m or 4% of global annual turnover, whichever is greater.

Businesses are well advised to begin now (if you haven’t already started!) putting in place procedures and systems that ensure compliance and protection against potential data breaches.
As cyber criminals get smarter and find more and more ways to hack into companies’ databases, the risk of a breach is increasing all the time. Unprotected companies are not only risking their reputation with their customers; when the GDPR comes into effect they will also be liable to hefty fines in the event of a cyber-attack on their data.
What are the implications for my business?
The GDPR places onerous obligations on companies to demonstrate compliance, requiring them to:
1. Maintain certain documentation
2. Conduct a data protection impact assessment
3. Implement data protection by design
4. Prove clear consent to process personal data
5. Appoint a Data Protection Officer for large scale data processing

In the event of a data breach businesses must notify the Data Protection Authorities within 72 hours. All companies will have to adopt internal procedures for handling data breaches. These requirements are applicable to any sized business that processes personal data for a commercial purpose, from a sole trader to an SME to a multinational.
Don’t make the mistake of assuming this won’t apply to your business because of its size, turnover or the amount of data it holds. SMEs and smaller businesses are expected to manage their data flows and processes to the same extent as larger companies. Whilst some areas of the regulation recognise that SMEs have fewer resources and reduced capabilities, and may well pose less of a risk to the privacy of EU citizens, SMEs still cannot do nothing. They too have to address the conditions of the regulation and become compliant in as far as is possible.
Does my business need a Data Protection Officer (DPO)?
One of the major changes that the GDPR will introduce is a change to how organisations manage their internal governance around personal data. The requirement for a Data Protection Officer was originally restricted to companies with 250+ employees. The final version has no such restriction, and companies are left with the responsibility of deciding themselves whether or not the requirement for a DPO applies to them. Given the hefty fines involved if an organisation fails to meet this requirement, this is a daunting consideration.
So what factors do you need to consider to determine if you need to appoint a DPO?
The GDPR states that any company engaged in ‘large scale’ data processing must appoint a DPO. The question that many companies are asking is: what constitutes large scale? To reach an answer, companies need to look across their organisation at the data that they are collecting, storing and processing. They must assess this data in terms of volume and scope, including its geographic reach, the duration it is held and whether it is of a personal or sensitive nature as regards ethnicity, religious views, health or criminal convictions. It is also important to consider whether or not the processing of the data constitutes a core activity in their business and if monitoring of this data is regular and systematic.
A good example, in terms of the scale of data processing, is the data held by an individual GP or small GP practice as opposed to that held by a hospital. In this case both meet the requirement in terms of the personal nature of the information held, but clearly the hospital would be large scale and the GP would not.

Another example would be a large insurance company, where the capture and processing of personal data such as financial information would be a core activity, versus an independent broker, where it would also be a core activity but not on a large scale.

Also consider an online retailer that captures financial and address information regularly and systematically versus a company that maintains an email mailing list and only holds email addresses and names captured in an ad hoc manner.
Simply put, the criteria for a dedicated DPO are currently somewhat unclear. Companies need to show discretion in their decision as to whether or not to appoint a DPO, while also showing caution to avoid the risk of significant penalties. Remember that your understanding of “large scale” doesn’t necessarily match that of the Data Protection Authorities.

If you are unsure about appointing a DPO it would be advisable to take advice from a company offering GDPR consultancy.

Of course, it has always been, and remains, good practice to have someone in your organisation with responsibility for handling Data Protection issues.
Is ‘large scale’ relative to overall company size or to the scale of data processing within the firm?
The purpose of the GDPR is to enforce greater privacy and protection of personal data for the individual. If companies are capturing and processing significant amounts of data on a large number of individuals, then this constitutes large scale data processing, regardless of the size of the company in terms of either profitability or employee numbers.
Is GDPR only for B2C? What are the consequences for B2B companies?
Although B2B companies may not capture and process an individual’s data on as significant a scale as some B2C companies, the GDPR still has consequences for them. Most B2B companies will undertake email marketing as a way of reaching out to prospects. Under current law, you can send an unsolicited email to an individual’s work email address unprompted, provided you offer an option to unsubscribe. Under GDPR you will need their prior consent and, furthermore, must be able to show proof of consent. You will also be required to delete their data after a set period of time under the ‘right to be forgotten’ provision contained in the GDPR. This and other requirements, such as ensuring opt-in forms and processes are compliant and consistent across the organisation, mean that B2B companies need to look at their current data governance function and adapt it to ensure compliance.
B2B companies are also as open to a data breach as any other organisation. In the event that they fail to report a breach, or are found to be lacking in their cyber-crime prevention strategy, they will face the hefty penalties laid out by the GDPR.
What’s the big danger for Irish SMEs?
The big danger for Irish SMEs is complacency and ‘it won’t happen to me’ thinking. We see this regularly in relation to cyber security – SMEs thinking that cybercrime is reserved for bigger organisations. SMEs can’t afford to think that they won’t be subject to the GDPR rules or held accountable for any breach of these rules. The reality is that this law will be wide reaching and enforced with rigour, and SMEs will have nowhere to hide should they be negligent in meeting its requirements. SMEs would be well advised to start preparing for the arrival of the GDPR now, specifically in relation to the implementation of data protection and cyber-crime prevention solutions. In order to avoid GDPR penalties, SMEs must have their data well protected, with robust, fail-safe security solutions and procedures in place.
What should I do next?
Inform your team – Make sure you raise awareness internally of the change in the law. Identify the key people in your organisation who can assist in the journey to compliance and enlist them on the project.

Data review and audit – Conduct an internal review and identify where data is held, e.g. HR records, supplier contracts, financial records. Review how data is processed and who has access to it. Document all the findings.

Review your internal processes – Review your privacy notices and data collection processes to ensure they cover all the rights an individual has, especially around consent to collect and hold their data.

Adopt privacy by design – Document and implement methods to ensure that data protection becomes a key component of the internal processes of the company and is seen to be a key consideration in the early stages and throughout the lifecycle of any project.

Appoint a Data Protection Officer – Consider appointing someone within your organisation to take ongoing responsibility for data compliance and protection.

Secure your data – Put systems in place to protect your data from a security breach. Map technology to the processes required to ensure compliance on an ongoing basis. Work with a cyber security solutions company who can put solutions in place that will identify weak links in your network that could leave you vulnerable to attack.
Managed Security Services from a trusted provider can ease the pain
While GDPR compliance is not something that can be achieved through technology alone, the provision of ‘State of the Art’ network security is clearly an essential first step. To reduce exposure to the potentially crippling implications of a serious data breach, it is necessary to minimize both the number of network intrusions and their time to detection. And it is here that Novi can contribute most to an organisation’s overall compliance efforts.

Novi’s cyber security service delivers reliable, high performance and cost effective security as a managed service, taking the headache away from companies.

As cyber threats are continually evolving and criminals find ways to evade systems, the changing threat landscape requires specialist expertise and a multi-layer approach. Managing all of this in-house is a real challenge for companies, and many of them are migrating some or all of the risk out of their IT departments into the hands of professionals.

Along with our partners Fortinet, world leaders in security, we utilise tools that are highly scalable, support multi-tenant environments and provide robust, single-pane-of-glass management to implement and maintain a secure data environment.
Implementing Security Systems is not a once-off activity; it requires ongoing monitoring and improvements as the cyber criminal’s modus operandi moves at an alarming rate.

Our always proactive and highly structured approach ensures businesses never expose themselves to unnecessary risks.

From initial engagement through to strategy, implementation and support, we promise our customers an unrivalled level of proactivity. Our service includes 24/7 network monitoring, as well as our unique offering of weekly, monthly or quarterly scheduled, Novi-subsidised onsite visits. In doing so, we reduce unplanned system outages by 87% and helpdesk calls by 43%, and reduce the risk of a cyber breach by an average of 75%.
We work round-the-clock on our customers’ behalf to prevent data breaches, which can result in regulatory non-compliance as well as brand and reputational damage.
Don’t delay GDPR preparations
Although mid 2018 may seem a long way off, businesses would be well advised to start planning now! Systems and processes take time to change. The countdown has started!

To assess your business or organisation’s readiness for GDPR, visit https://www.gdprbenchmark.com/, a quick online self-evaluation tool from Novi partner Microsoft.
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

GDPR: Time to Act

Whitepaper from Novi, Technology for Business. e. hello@novi.ie t. +353 (0) 1 621 8633 novi.ie

The EU GDPR (General Data Protection Regulation) applies from 25th May 2018. This may feel like a long way away, but the obligations contained in the regulation are onerous and businesses need to be getting ready now. The regulation applies immediately once that date arrives, so businesses are being given plenty of notice to get systems and processes in place so that they are compliant.

So what's the GDPR all about?

The GDPR introduces stricter data protection rules for organisations that operate in the EU market and process or hold the personal data of individuals in the EU.

The GDPR is designed to increase the privacy of individuals and protect their personal data. Hefty penalties may be imposed on companies that infringe it, including companies whose inadequate security leads to a data breach, with fines of up to €20m or 4% of global annual turnover, whichever is greater.

Businesses are well advised to begin now (if you haven't already started!) putting in place procedures and systems that ensure compliance and protection against potential data breaches.

As cyber criminals get smarter and find more and more ways to break into companies' databases, the risk of a breach is increasing all the time. Unprotected companies are not only risking their reputation with their customers; once the GDPR comes into effect they will also face fines if an attack succeeds because they failed to put appropriate security in place.

What are the implications for my business?

The GDPR places onerous obligations on companies to demonstrate compliance, requiring them to:

1. Maintain certain documentation, including records of their processing activities
2. Conduct a data protection impact assessment where processing is likely to pose a high risk to individuals
3. Implement data protection by design and by default
4. Prove clear consent where consent is the basis for processing personal data
5. Appoint a Data Protection Officer where their core activities involve large-scale data processing

In the event of a personal data breach, businesses must notify the Data Protection Authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals, and must also inform the affected individuals without undue delay where the risk to them is high. All companies will have to adopt internal procedures for handling data breaches.

These requirements apply to any size of business that processes personal data for a commercial purpose, from a sole trader to an SME to a multinational. Don't make the mistake of assuming this won't apply to your business because of size, turnover or the amount of data held. SMEs and smaller businesses are expected to manage their data flows and processes to the same extent as larger companies. Whilst some areas of the regulation recognise that SMEs have fewer resources and reduced capabilities and may well pose less of a risk to the privacy of individuals, SMEs still can't do nothing. They too have to address the conditions of the regulation and become compliant in as far as is possible.

Does my business need a Data Protection Officer (DPO)?

One of the major changes the GDPR introduces is to how organisations manage their internal governance around personal data. In the original draft, the requirement for a Data Protection Officer was restricted to companies with 250+ employees. The final version has no such restriction, and companies are left with the responsibility of deciding for themselves whether or not the requirement for a DPO applies to them. Given the hefty fines involved if an organisation fails to meet this requirement, this is a daunting consideration.

So what factors do you need to consider to determine if you need to appoint a DPO?

The GDPR requires a DPO where an organisation's core activities involve regular and systematic monitoring of individuals on a large scale, or large-scale processing of special categories of data (such as health data) or data relating to criminal convictions; public authorities must appoint one regardless. The question that many companies are asking is: what constitutes large scale?

To reach an answer, companies need to look across their organisation at the data that they are collecting, storing and processing. They must assess this data in terms of volume and scope, including the number of individuals concerned, its geographic reach, the duration it is held and whether it is of a sensitive nature as regards ethnicity, religious views, health or criminal convictions. It is also important to consider whether or not the processing of the data constitutes a core activity of the business and whether monitoring of individuals is regular and systematic.

A good example, in terms of the scale of data processing, is the data held by an individual GP or small GP practice as opposed to that held by a hospital. In this case both meet the requirement in terms of the sensitive nature of the information held, but clearly the hospital would be large scale and the GP not large scale. Another example would be a large insurance company, where the capture and processing of personal data such as financial information would be a core activity, versus an independent broker, where it would also be a core activity but not on a large scale. Also consider an online retailer that captures financial and address information regularly and systematically versus a company that maintains an email mailing list and only holds email addresses and names captured in an ad hoc manner.

Simply put, the criteria for a dedicated DPO are currently somewhat unclear. Companies need to show discretion in deciding whether or not to appoint a DPO, while also showing caution to avoid the risk of significant penalties. Remember that your understanding of "large scale" doesn't necessarily match that of the Data Protection Authorities. If you are unsure about appointing a DPO, it would be advisable to take advice from a company offering GDPR consultancy. Of course, it has always been, and remains, good practice to have someone in your organisation with responsibility for handling data protection issues.

Is 'large scale' relative to overall company size or to the scale of data processing within the firm?

The purpose of the GDPR is to enforce greater privacy and protection of personal data for the individual. If a company is capturing and processing significant amounts of data on a large number of individuals, then this constitutes large-scale data processing, regardless of the size of the company in terms of either profitability or employee numbers.

Is the GDPR only for B2C? What are the consequences for B2B companies?

Although B2B companies may not capture and process individuals' data on as significant a scale as some B2C companies, the GDPR still has consequences for them. Most B2B companies undertake email marketing as a way of reaching out to prospects. Under current law, you can send an unsolicited email to an individual's work email address unprompted, as long as you offer an option to unsubscribe. Under the GDPR you will need a lawful basis for that processing; where you rely on consent, it must have been given in advance and you must be able to demonstrate it. You will also be required to delete an individual's data when they ask you to, under the 'right to be forgotten' (right to erasure) contained in the GDPR, and not to keep it for longer than you need it. This and other requirements, such as ensuring opt-in forms and processes are compliant and consistent across the organisation, mean that B2B companies now need to look at their current data governance function and adapt it to ensure compliance.

B2B companies are also as open to a data breach as any other organisation. In the event that they fail to report a breach, or are found to be lacking in their cyber-crime prevention strategy, they will face the hefty penalties laid out by the GDPR.

What's the big danger for Irish SMEs?

The big danger for Irish SMEs is complacency and 'it won't happen to me' thinking. We see this regularly in relation to cyber security: SMEs thinking that cybercrime is reserved for bigger organisations. SMEs can't afford to think that they won't be subject to the GDPR rules or held accountable for any breach of these rules. The reality is that this law will be wide reaching and enforced with rigour, and SMEs will have nowhere to hide should they be negligent in meeting its requirements.

SMEs would be well advised to start preparing for the arrival of the GDPR now, specifically in relation to the implementation of data protection and cyber-crime prevention solutions. To avoid GDPR penalties, SMEs must have their data well protected, with robust security solutions and procedures in place.

What should I do next?

Inform your team – Make sure you raise awareness internally of the change in the law. Identify the key people in your organisation who can assist in the journey to compliance and enlist them on the project.

Data review and audit – Conduct an internal review and identify where data is held, e.g. HR records, supplier contracts, financial records. Review how data is processed and who has access to it. Document all the findings.

Review your internal processes – Review your privacy notices and data collection processes to ensure they cover all the rights an individual has, especially around consent to collect and hold their data.

Adopt privacy by design – Document and implement methods to ensure that data protection becomes a key component of the internal processes of the company and is a key consideration in the early stages and throughout the lifecycle of any project.

Appoint a Data Protection Officer – Consider appointing someone within your organisation to take ongoing responsibility for data compliance and protection.

Secure your data – Put systems in place to protect your data from a security breach. Map technology to the processes required to ensure compliance on an ongoing basis. Work with a cyber security solutions company that can put solutions in place to identify weak links in your network that could leave you vulnerable to attack.

Managed Security Services from a trusted provider can ease the pain

While GDPR compliance is not something that can be achieved through technology alone, the provision of 'state of the art' network security is clearly an essential first step. To reduce exposure to the potentially crippling implications of a serious data breach, it is necessary to minimise both the number of network intrusions and their time to detection. And it is here that Novi can contribute most to an organisation's overall compliance efforts.

Novi's cyber security service delivers reliable, high performance and cost effective security as a managed service, taking the headache away from companies. As cyber threats are continually evolving and criminals find ways to evade defences, the changing threat landscape requires specialist expertise and a multi-layer approach. Managing all of this in-house is a real challenge for companies, and many of them are migrating some or all of the risk out of their IT departments into the hands of professionals. Along with our partner Fortinet, world leaders in security, we utilise tools that are highly scalable, support multi-tenant environments and provide robust, single-pane-of-glass management to implement and maintain a secure data environment.

Implementing security systems is not a once-off activity; it requires ongoing monitoring and improvement, as the cyber criminal's modus operandi changes at an alarming rate. Our proactive and highly structured approach ensures businesses do not expose themselves to unnecessary risks. From initial engagement through to strategy, implementation and support, we promise our customers an unrivalled level of proactivity. Our service includes 24/7 network monitoring, as well as our unique offering of weekly, monthly or quarterly scheduled, Novi-subsidised onsite visits. In doing so, we reduce unplanned system outages by 87% and helpdesk calls by 43%, and reduce the risk of a cyber breach by an average of 75%. We work round the clock on our customers' behalf to prevent data breaches, which can result in regulatory non-compliance as well as brand and reputational damage.

Don't delay GDPR preparations

Although mid-2018 may seem a long way off, businesses would be well advised to start planning now. Systems and processes take time to change. The countdown has started!

To assess your business or organisation's readiness for GDPR, visit https://www.gdprbenchmark.com/, a quick online self-evaluation tool from Novi partner Microsoft.