The oft-dreaded May 25th start date for the European Union’s General Data Protection Regulation (GDPR) is breathing down the neck of IT teams, security administrators and data controllers the world over. With literally only a few weeks left before companies will be subject to the GDPR’s epic fines for noncompliance – up to 4 percent of a business’ revenue or 20 million euro per violation, depending on which figure impacts business more – organizations that have been dragging their feet have precious little time to make some significant changes to their policies and workflows.
That isn’t to say that there’s no hope for organizations that have been inactive to date in preparing for GDPR compliance. Fortunately, many of the rules that the GDPR places on companies are in line with some of the localized data protection laws that many Euro-facing businesses have had to abide by for years. Germany’s data protection rules, for instance, are some of the strictest of any major nation, and have had an influence on broader data collection policies at many of the largest data-centric organizations in the world.
The good news here is that many organizations might already be in an “okay” spot where compliance is concerned even if they haven’t read up on the regulation to date. Still, organizations should make sure that they have the appropriate personnel and resources to ensure everything checks out before the May 25th start date. The Data Protection Officer (DPO), for instance, is a newly defined role that the GDPR actually forces certain organizations to fill as a liaison between organizations and regulators.
Seeking out this individual – even if a company doesn’t require a DPO to comply – is something businesses would be wise to do immediately, giving their new DPO complete agency to make compliance their primary focus in the final days leading up to May 25.
This is just one of many steps that we outline in our ebook, “The 5 Ws of GDPR: A Starting Point For Compliance.” This document is a quick reference for any team still asking questions about the GDPR as the clock runs down on the regulation’s start date, along with our guide, “Data Protection Officer: The IT Role You Didn’t Know You Needed,” which outlines the ideal characteristics of an effective DPO.
Simon Eappariello is the Senior Vice President, Product & Engineering, EMEIA at iboss