Are you ready for the GDPR, coming into effect in less than 18 months?
Companies that fail to comply with the new European Union General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, could be subject to a fine of up to 4% of global annual turnover per incident, according to Edward Lucas, senior editor at The Economist.
Lucas was speaking at #teissLondon2017. He said: “It is a great mistake not to take this stuff seriously. If you look at the history of EU enforcement, some of the biggest companies like Microsoft and Gazprom have fallen foul of the laws.”
He added: “Things are going to go wrong, but did you take reasonable precautions? If you have not met a bunch of standards it is going to be serious.”
According to Lucas, many organisations currently do not realise they could be impacted by the GDPR: all a company needs to have is 5000 data subjects in the EU to be impacted. It applies, he said, “even if a company [just] keeps data on people from a website and they are from the EU. It is very broad scope.”
Organisations need to take steps to protect themselves from information leaks. Lucas advises that firms start by assessing the data they hold, identifying why they are holding it, and where the risks from leaks are.
Secondly, organisations should start building a prevention strategy. For instance, they might consider encrypting any personal data and limiting the people who have access to that data.
Finally, organisations should consider how they will detect leaks and attempted breaches; this will involve having good visibility over the whole of their network.