GDPR starts now! Get your organization compliant with the new privacy regulation by May 2018
GDPR, the General Data Protection Regulation, is the regulation adopted by the European Commission in April 2016. This regulation applies to all companies, worldwide, that deal with personal data of EU citizens. GDPR was adopted in April 2016 and enters into application in May 2018. Although this may look far away, now is the time to take action!
Personal data privacy is not new. However, until now most privacy regulation was based on local legislation. Many of these laws are also no longer up to date for the digital society we are living in. Think about cloud, big data, information exchange, … Therefore the European Commission defined GDPR as the data protection act which has to replace all local data protection laws in all countries of the European Union.
Probably one of the most radical changes is the introduction of penalties of up to 4% of the annual turnover for those who are not compliant with GDPR. However, besides the penalties there are also substantial changes, such as a broader definition of ‘personal data’, the introduction of a mandatory risk impact assessment, the right to be forgotten, international transfer of data, etc.
Therefore it is important to make GDPR awareness explicit in your organization and to define an active program for it.
Although lots of organizations see GDPR as a burden, it can also be seen as an opportunity to get your information management right. After all, the effective use of information inside an organization is worth a lot of money. GDPR can thus be an opportunity to put your organization's information in order, so that you gain productivity through efficient and effective use of the available data instead of losing money by paying penalties.
One of the first steps is to know which information is available in your organization. In a lot of enterprises we noticed that there is no clear view of which information is processed. To know the impact of GDPR, it is necessary to gain insight into your current information architecture and to define your future information architecture. Such a future information architecture is not only compliant with the GDPR, but also promotes the efficient use of information inside your organization.
Besides gaining insight into the information architecture, it is also important to know what the information is used for. Data is processed by applications, and in order to be compliant with the GDPR it is important that your application landscape processes this information in the right way. After all, privacy by design is included in GDPR, which means that when you design new systems you have to take data protection into account from the very beginning.
How can LoQutus help you?
- Gain insight into your information architecture and define a future information architecture which is compliant with GDPR and offers additional benefits for your organization
- Define the impact of GDPR on your application landscape
- Create a roadmap to make sure that your organization is GDPR compliant by 2018
- Design new solutions which are GDPR compliant and in line with the privacy by design principle
- Define & implement privacy governance, policies & procedures
Join our free event on information governance on October 6.
In this event LoQutus and DLA Piper join forces to tackle GDPR in the broad sense, minimizing risk and ensuring compliance.