Technology Reseller - v05 - page 38

“It’s fair to say that many businesses and public sector organisations are under-prepared.”
Countdown to GDPR
GDPR in numbers
With less than a year until the EU General Data Protection Regulation (EU GDPR) comes into force on May 25, 2018, the latest research findings suggest that UK businesses are still woefully under-prepared.
• Almost one third (32%) of professionals are worried their organisation doesn’t have the necessary technology to manage data effectively, including the ability to search, discover and review data. Almost four out of 10 (39%) question their organisation's ability to identify and locate data accurately, which they will need to do in order to comply with the requirement to locate personally identifiable information (PII) when asked to do so. Slightly more (42%) have no way to determine which data should be saved – under GDPR, organisations must delete personal data once it is no longer needed for its original purpose. (source: 2017 Veritas GDPR report – veritas.com/gdpr)
• 16% of businesses take between one and six months to detect a security threat and 5% only detect a threat when notified by external parties. The GDPR time-frame for breach notification is 72 hours. (source: Data Protection, Prioritizing Regulations & Guidelines, Blancco)
• More than two thirds (68%) of Heads of HR, Payroll Managers, IT and Financial Directors have not yet received any GDPR awareness training. A further 53% have yet to access and appoint a Data Privacy Officer. (source: MHR)
• 73% of UK businesses have not allocated any budget to ensure compliance with GDPR and 53% have not yet appointed a Data Protection Officer (source: CareersinCyberSecurity.co.uk and London law firm Hamlins LLP).
• 82% of UK local authorities have not yet allocated budget for implementing GDPR provisions, and 56% have not yet appointed a Data Protection Officer (source: M-Files).
Risky business
International Data Corporation (IDC) is warning cloud service providers (CSPs) that they are at risk of underestimating the impact of the General Data Protection Regulation (GDPR) on their business models.
IDC warns that most CSPs will be affected by GDPR because the definition of processing is broad and includes simply storing personal data. Personal data is also broadly defined and includes any data that relates to an identified or identifiable living human.
A new IDC report — The Impact of GDPR on Cloud Service Providers — is divided into two parts: one examines general considerations for contracts and liability; the other focuses on security, international data transfers and other considerations.
The report notes that CSPs not based in the EU will be impacted by GDPR if they offer goods or services to EU-based individuals, either directly or via a customer organisation such as a retailer or SaaS provider.
IDC advises CSPs to understand the cloud supply chain and conduct due diligence on sub-processors. This includes auditing sub-processors and perhaps even customers to ensure that cloud services are used in a compliant manner.
Advice & information
There’s no shortage of advice available to help organisations prepare for GDPR. Here's a selection of some of the latest tools and guides.
Big data
Data science company Dataiku has published a white paper detailing how Big Data organisations can start on the path towards GDPR compliance. The Five Essential Pillars of Big Data GDPR Compliance addresses five critical data governance challenges:
1. Data Storage – determining where personal data is stored across multiple data sources by auditing who has access to what, and what sources are being used for which projects;
2. Aligning Teams – aligning everyone in the company (IT, marketing, customer support and data teams) on new policies and execution of any changes;
3. Accommodating Data Subject Requests – putting processes in place to accommodate requests from data subjects in relation to their right to be forgotten; to access information about what data is being processed where and for what purpose; to receive a copy of their personal data held by you; and to question decisions that affect them that have been made on a purely algorithmic basis;
4. Data Governance – ensuring proper data governance, security and monitoring are in place in case of an audit; and
5. Adaptability – implementing solutions that keep operations flexible and easily adaptable to change.
GDPR action points
Law firm Blake Morgan has launched a free guide to GDPR. GDPR: A Practical Guide to Achieving Compliance highlights a number of action points businesses will need to address if they are to avoid fines of up to £17m or 4% of their annual worldwide turnover (whichever is greater). To download a free copy of the guide visit
Self-assessment tool
Data governance, risk and compliance consultancy DQM GRC has launched a free online GDPR Self-Assessment Tool. The 12-question assessment generates a free downloadable report with an overall GDPR readiness score out of 100. It breaks down each individual response to highlight an organisation's strengths and weaknesses and gives practical advice on what steps it should take to ensure compliance.
GDPR & marketing
Relay 42 and CapGemini have produced a whitepaper explaining the implications of GDPR for chief marketing officers (CMOs) in financial services companies. GDPR for Financial Services Marketing: How to translate data regulation into customer opportunity argues that the momentum generated by GDPR provides an opportunity to build relationships with customers based on trust.
Bruce Potter, Chairman of Blake Morgan