As the scope of potential cyber threats continues to increase with greater speed and intensity, your company needs some form of information security to protect your organisation, your organisations data, your people and your reputation. In the spring your company will need to comply with new with governmental regulations – GDPR regulations coming into force in early 2018. These changes to data protection will have a significant impact on organisational governing policies, binding corperate rules, procedures, records and other documentation as well as the technology used to support them.

As GDPR introduces additional requirements when processing personal and sensitive information – some of the questions your organisation should already be asking.

  • Do you know where your personal and sensitive data resides?
  • What about your non-structured data (within MS exchange for example)?
  • Do you know why you process it?
  • Can you justify its prosession and its processing?
  • Do you have explicit consent from the data subject?
  • Can you provide it to a data subject if requested?
  • Can you remove from your orgainisation if requested?
  • Is your cloud/outsourced services partner compliant?
  • Is your data bing processed outside of the EU?
  • How aware is your organisation of the regulations?
  • How up-to-date are your governing policies and procedures?
  • How prepared is your organisation if a breach occurs?
  • Can you demonstrate your organisation is compliant?

These are just a few of the questions orgainisation need answers and need these answers quickly. GDPR becomes a reality in Spring 2018 – and the time to act is now.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments and is thus directly binding and applicable.

Reviewing the information about the regulations – the following links are recommended.

EU GDPR Official Resources

GDPR Official Text (English, pdf)

EU GDPR Home Page

Working Party 29 Guidance

WP29 Home Page

Guidelines on “Right to Portability” (pdf)

Guidelines on Data Protection Officers (pdf)

Guidelines for identifying a controller or processor’s lead supervisory authority (pdf)