By Sneha Paul, ManageEngine
The General Data Protection Regulation (GDPR) brought a massive overhaul in data protection laws for EU citizens when it went into effect on May 25, 2018. This new regulation overrides the Data Protection Act (DPA) of 1998, employing similar concepts and underlying foundation. However, the GDPR is more focused on strengthening data privacy. Under the GDPR, organizations that are located in the EU or process EU citizens' data have to get specific consent from data subjects for data collection and will have to immediately inform them about breaches.
The GDPR aims to make data processing more transparent and give data subjects greater control over how their data is handled. Under the GDPR, individuals have the “right to erasure,” meaning they can request that an organization permanently delete all their data, including web records. Financial implications for failure to adhere to the law are also greater under the GDPR. Non-compliant companies will have to shell out a fine of either 4 percent of their annual turnover or €20 million, whichever is greater. That's enough to shut down one in five businesses!
The realm of the GDPR’s impact extends far beyond the EU; the GDPR applies to all foreign and domestic businesses that hold any form of personal data pertaining to EU citizens, whether they're customers, employees, or other stakeholders. Despite the GDPR's strict requirements, organizations like yours may find many advantages as they move toward compliance. Here are just a few of the added benefits of becoming GDPR-compliant:
GDPR compliance proves to customers that your organization is a good custodian of data. This new legislation mandates that each organization have a data protection officer (DPO), along with regular audits of data processing activities. Furthermore, your organization has to comply with a set of data protection principles under the GDPR, ensuring the necessary framework is in place to keep data subjects' personally identifiable information secure.
During the past year, attacks against companies like Wonga and Equifax have shown that the consequences of a data breach can be devastating to your brand equity, with customer defection shooting through the roof and costs escalating for the affected companies. The GDPR's proposed security practices will bolster your brand's reputation, showing customers you have a robust data governance system in place.
Cyber security breaches loom as a big threat to enterprises in the UK, with 68 percent of large firms there having encountered a cyber-attack, according to the Cyber Security Breaches Survey 2017. With the scale and sophistication of these attacks growing each day, having a GDPR-compliant framework in place extends your cyber security practices.
The GDPR mandates using privileged and identity access management to give only a few professionals access to critical data in your organization, thereby ensuring data does not fall into the wrong hands. Additionally, under the GDPR, your organization has to disclose any breach within 72 hours of its occurrence. GDPR compliance lays the groundwork for improved data security.
Complying with the GDPR helps your organization cut costs by prompting you to retire any data inventory software and legacy applications no longer relevant to your business. By following the GDPR's mandate to keep your data inventory up to date, you significantly reduce the cost of storing data by consolidating information present in silos or stored in inconsistent formats. Your organization will also be freed of data maintenance costs, which otherwise would have been incurred in the form of man-hours and infrastructure maintenance.
Another cost benefit of the GDPR is that your organization is able to engage with customers more effectively. Communication will be more personalized because of the granularity of the information collected, thus saving you the sunk cost of pursuing uninterested consumers.
As an extension of GDPR compliance, your organization has to move towards improving its network, endpoint, and application security. Migrating towards the latest technologies — virtualization, cloud computing, BYOD, and IoT — serves two purposes: one, giving you a way to more effectively manage the growing demand for data and two, allowing you to offer end users augmented products, services, and processes.
With third-party management tools, your organization can constantly monitor its new environment for any data breach. These tools monitor log data and keep tabs on the data transferred outside your environment. They also check the integrity of files and folders in your network, endpoint devices, and applications, as well as on the cloud. Most third-party tools will send out an alert notification whenever an anomaly is detected, thereby giving you time to minimise or avert any compromise.
Under the GDPR, organizations can no longer make automated decisions based on an individual’s personal data. After all, automated decisions, such as determining whether or not to provide insurance or a loan to a customer, can be prone to error. The GDPR mandates the right to obtain human intervention, thereby decreasing room for arbitrary decisions.
Thanks to the GDPR, your organization's data will become more consolidated, ensuring it is easier to use and you have a greater understanding of its underlying value. This insight will let your organization learn more deeply about its customers and identify areas where customer needs are unmet. By using customer information effectively, your organization will be able to make better decisions and consequently get a better return on its investments.
Embracing The GDPR
Organizations need to understand the GDPR is not just a regulatory obligation, but also a means for achieving business and technology alignment. With data becoming the new oil in today’s digital economy, companies need to take into account a comprehensive approach while aligning their organization's information and data management policies with regulatory frameworks.
About The Author
Sneha Paul is a product consultant at ManageEngine, a division of Zoho Corporation, where she actively follows the IT management industry and helps organizations address the challenges they face in managing their IT. For more information on ManageEngine, the real-time IT management company, please visit www.manageengine.co.uk; or follow the company blog at https://blogs.manageengine.com.