As the scope of potential cyber threats continues to increase with greater speed and intensity, your company needs some form of information security to protect your organisation, your organisations data, your people and your reputation. In the spring your company will need to comply with new with governmental regulations – GDPR regulations coming into force in early 2018. These changes to data protection will have a significant impact on organisational governing policies, binding corperate rules, procedures, records and other documentation as well as the technology used to support them.
As GDPR introduces additional requirements when processing personal and sensitive information – some of the questions your organisation should already be asking.
- Do you know where your personal and sensitive data resides?
- What about your non-structured data (within MS exchange for example)?
- Do you know why you process it?
- Can you justify its prosession and its processing?
- Do you have explicit consent from the data subject?
- Can you provide it to a data subject if requested?
- Can you remove from your orgainisation if requested?
- Is your cloud/outsourced services partner compliant?
- Is your data bing processed outside of the EU?
- How aware is your organisation of the regulations?
- How up-to-date are your governing policies and procedures?
- How prepared is your organisation if a breach occurs?
- Can you demonstrate your organisation is compliant?
These are just a few of the questions orgainisation need answers and need these answers quickly. GDPR becomes a reality in Spring 2018 – and the time to act is now.