The GDPR Countdown begins...now

Life comes at you fast in the world of data protection...

May 25th, 2018. Save the date, as that’s when, exactly one year from now, the new General Data Protection Regulation (GDPR) will come into effect.

Can I get a recap?

Devised by the European Parliament, the Council of the European Union and the European Commission, the GDPR (EU Regulation 2016/679) will “enhance the data protection rights of individuals and improve business opportunities by facilitating the free flow of personal data in the digital single market” – and yes, it applies to soon-to-be-Brexited Brits.

In fact, it applies to any companies, government agencies, non-profits or other organisations that offer goods and services to people in the EU, or that collect and analyse data tied to EU residents, no matter where they’re located or how much EU data they currently have (or may acquire in the future).

Ch-Ch-Ch-Changes

What’s changing? A fair amount. Computer technology and the internet are almost unrecognisable compared to their counterparts of two decades ago, whereas regulations surrounding personal data have barely evolved in the same time.

The GDPR brings them more in line with current technologies and increases the uniformity of privacy regulations across the EU’s member states.

As per the official website of the Information Commissioner’s Office (ICO), the most significant addition is the accountability element, which requires that your organisation can show how it complies with the following principles regarding personal data:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary
  • Accurate and, where necessary, kept up to date
  • Kept in a form which permits identification of data subjects for no longer than is necessary
  • Processed in a manner that ensures appropriate security of the personal data

Organisations are responsible for, and must be able to demonstrate, compliance with the above (abbreviated) principles. For the full list, click here.

You have 31,536,000 seconds to comply

The changes are significant and will require investment, but you won't be on your own for the next 12 months.

As a technology provider that deals with the personal data of individuals, Vuture is taking the GDPR seriously, and we’re keen to support our users on their own journeys to compliance.

Our goal is to streamline your journey using technology, innovation and close collaboration without taking away focus from your core business endeavours.

Through our cloud services and on-premises solutions, we’ll help you locate and catalogue the personal data in your systems, build a more secure environment, simplify the management and monitoring of personal data, and give you the tools and resources you need to ensure compliance with the key principles listed above.

Where to start

The GDPR contains many requirements about how you collect, store and use personal information. This means not only how you identify and secure the personal data in your systems, but also how you accommodate new transparency requirements, how you detect and report personal data breaches, and how you train privacy personnel and employees.

Given how much is involved, the sooner you start preparations, the better.

Begin by reviewing your privacy and data management practices. Failure to comply with the GDPR may prove costly, as companies that don’t meet the requirements and obligations could face substantial fines and reputational harm.

We recommend that you start by focusing on these five key steps:

  1. Discover: Identify what personal data you have and where it resides
  2. Control: Manage how that personal data is used and accessed
  3. Protect: Establish security controls to prevent, detect and respond to vulnerabilities and data breaches
  4. Report: Action data subject requests and keep required documentation
  5. Review: Analyse your data and systems, stay compliant and reduce risk

Vuture's GDPR commitment

The goals of the GDPR are consistent with our long-standing commitment to security, privacy and transparency on a global scale.

Below are a few of the actions that we’ve already undertaken:

  • Making our products and services fully compliant
  • Updating the features and functionalities in all our services
  • Updating our documentation and customer agreements

By working together to prepare for the legislation, we can assure compliance, and your clients will be satisfied that their data is in safe hands.

Let's elevate your firm to GDPR-ready status while there’s still time. Speak to us today.

By Adam Deakin, May 2017