A three-step guide to GDPR

By Kindy Flyvholm, Programme Manager at Teradata, MSP, CIPP/E.

The General Data Protection Regulation (GDPR) is being put into place to enforce digital privacy for consumer and employee data. This regulation is designed to level the playing field, by providing consistent guidance across the EU for companies and regulators. GDPR can be viewed as an opportunity to distinguish businesses from competitors, but how can business owners prepare? With the regulation due to take effect in a matter of months (25th May 2018), here are three steps all companies should take ahead of GDPR:
 
1.      Promote security measures
 
Consumers are increasingly wary of giving their information to online vendors, fearful of the consequences of sharing their data. Businesses should be using GDPR as an opportunity to promote their security measures and privacy initiatives with their customers. An organisation which shows understanding and compliance with GDPR, using terminology that is easily understood by their consumers, will enhance trust amongst their consumer base.
 
2.      Know your data inside out
 
Holding and processing private information about customers is a privilege that comes with the burden of proving that businesses are not susceptible to hacking, theft, or privacy breaches.  Knowing where all your private data is held, securing it appropriately, and staying on top of where the data is coming from and who it is being passed on to (for additional processing) are key to compliance and demonstrating businesses’ understanding of GDPR.  It is not enough to encrypt data or to put up a firewall: there are many options on the market which help with the entire security process. These options are not necessarily expensive either, especially compared to the fines, and breach of trust with consumers, for not preparing adequately.
 
In addition, companies must know where their data comes from and how it is handled by third parties. Businesses are responsible for their customers’ data, period.
 
3.      Don’t get caught out: prepare now or pay later
 
Since the GDPR does not come into effect until May 25th 2018, some organisations are taking their chances and waiting on the courts' and regulators' interpretations. However, businesses should not be fooled into a false sense of security: the GDPR is based on a directive that has been in place for over 20 years, and the expectation of consumers and regulators is that private data is handled with great care. Some court cases will determine more precise interpretations of the law for specific instances, but privacy by design is a core part of the GDPR – so designing interactions with consumer privacy in mind will help to ensure companies of all sizes don’t end up on the wrong side of the law.
 
Teradata will be sharing more by way of guidance for organisations, ahead of GDPR, soon.