GDPR enforcement is changing how businesses collect and process data.
While the General Data Protection Regulation is EU law, after May 25 fines may be levied against any company that deals with EU residents’ data, regardless of size or location. With these fines potentially four per cent of annual revenue or €20 million — whichever is higher — GDPR is the major compliance challenge for many companies the world over.
If you work with information that could be used to, directly or indirectly, personally identify EU residents, you need to prepare your operations for these new requirements — whether or not you physically operate within the EU.
This may mean revising your data security practices, the way in which you obtain consent for data collection and processing, and your approach to data breaches. And you'll want to do it now rather than wait for regulators or consumers to discover you're not meeting your obligations.
Five Steps To Compliance
1) Have You Assessed Your Current Privacy Status?
Take an inventory of what you currently do around privacy. Are there existing privacy compliance standards you already adhere to? Do you have a Data Protection Officer? Security and privacy experts can help you identify gaps in your processes with regard to GDPR.
2) Is There A Business Case for Compliance?
With that analysis in hand, you can assess the financial impact of compliance on the business. Avoiding fines is the obvious compelling factor, and compliance may mean particular business uses of data are no longer possible or must be scaled down, but the prospect of happier, more trusting customers should not be ignored as a benefit.
3) Do You Have a Road Map for Implementation?
With the tasks defined and the budget in place, you can now work out a detailed plan to address the gaps you identified. Ensure everything is addressed and correctly prioritized by working with privacy and security experts.
4) What's Been Tested?
Commit to a comprehensive testing plan once the implementation has been completed and audit your processes until you’re satisfied they’re performing as required. Find any gaps before the regulators do.
5) Set Goals to Improve Iteratively
If you treat GDPR as a one-shot update to your systems, never to be revisited, you’ll run afoul of the regulation sooner or later. Going forward, GDPR and evolving public opinion should inform your ongoing privacy and security strategy. Document, evaluate, and improve your compliance strategy to stay on top.
Working with a Partner
GDPR enforcement has been a long time coming, and major companies like Microsoft have had plenty of time to prepare high-level solutions, just as partner companies are now ready to implement fixes tailor-made for specific workplaces. Microsoft Compliance Manager, for instance, adds various tools to help companies assess their compliance across Azure, Dynamics 365, and Office 365, and we have a service ready to assist with Office 365 assurance and compliance.
CrucialLogics is a Microsoft Certified Partner, able to help you with effective use of Compliance Manager throughout the five steps we’ve identified. If you’d like to know more about how to ensure your Microsoft products combined with your business processes align with compliance standards, explore our Assurance Services and contact us today.
The challenges never end for CSOs. But if you're looking at anything from a quick security consult to a full scale cybersecurity solution deployment, start here.