Come May 2018, the General Data Protection Regulation (GDPR) will go into effect. The new regulations will apply for all data collected from EU subjects, and your business will need to abide by them even if it is outside the EU itself. If you lose control of that data, you could be subject to extremely high penalties. At present, fines are set to run up to either 20 million Euros or 4% of your total annual worldwide revenue, depending on which of those numbers is higher.
Either figure is likely to represent a catastrophic loss for any business that must pay them, so becoming GDPR compliant is obviously a good idea. Here are just three questions you should ask yourself before the regulations come into effect.
- What Data Do You Hold?
First and foremost, you need to understand exactly what kind of data your company is responsible for. You need to be able to locate any sensitive data, document how it is collected, and, above all, know exactly where the data is being held. It’s often surprisingly tricky to figure out where your company’s IT systems actually store their data, but you need to know before the new regulations go into effect.
- Who Can Access This Data?
One of the key requirements of GDPR is the ability to limit who can access the information that you’re holding. Access must always be authorised, so it’s vital that businesses thoroughly analyse policies surrounding data usage, data retention, and data destruction – essentially anything that relates to data handling. You should also determine exactly who has a right to look at data. Just because a certain individual holds a high position doesn’t automatically entitle them to access all data sources.
- What Do You Use Your Data For?
Your business could be using data for a surprisingly comprehensive range of purposes. It could be used by your finance department for budgeting and forecasting, or your marketing department might use it for analytics. Doing so may even involve adding new tools to your system, and those tools may use data centres of their own.
If these questions are causing you headaches, make sure you contact an IT professional to get your business compliant before GDPR comes into effect.