GDPR preparation: 2018 data protection changes

Changes to data protection rules will have major implications for your business

Who is responsible?

As Kaspersky's recent guide, Fighting fit: running rings around GDPR compliance, suggests, GDPR is a company-wide responsibility, and affects departments in ways that aren't immediately obvious.

Legal team

The most notable of these is the legal team, which already has to deal with a host of other regulations. Instead of managing everything, legal should be focusing on specific areas, such as contract management and supply negotiations. Those contracts that extend beyond the implementation of GDPR need to be revised and updated, while new contracts need to be built upon the revised regulations. The legal team will also need to ensure that suppliers are in compliance, and that their systems are robust enough to deal with information requests.

Sales and marketing


For most businesses, sales and marketing are at the front line of dealing with customer data. It is no longer enough to rely on pre-ticked boxes or customers who fail to unsubscribe from marketing material. Businesses must ensure their marketing teams are targeting consumers who have 'opted in' to receive that material, with accompanying consent text that is clear and noticeable. Sales teams need to keep an accurate audit trail of those customers who have decided to opt in.

Finance

The regulations will also significantly impact the way finance and accounting operate within a business. Enormous amounts of personal data can pass through the finance department, and the biggest GDPR fines tend to be issued to businesses that fail to secure this pillar. GDPR-compliant data breach notification systems must be in place to immediately report any issues, while automating some processes will help reduce a significant risk to security: human error. If you are lagging behind in GDPR compliance, it's worth noting you won't need to start from scratch with policies, as many can simply be updated.

HR

Even HR plays its role for a business to fully comply with GDPR. The regulations will enhance the rights of employees, giving them greater protection over their data. The department as a whole must, therefore, be as transparent with employee data as the business is with customer data. The legal justification of data processing needs to be made obvious in any dealing with employees or job applicants. In most cases, it may now be prudent to appoint an individual in charge of reacting to data breach incidents, as well as issuing regular training to employees to help them identify threats and respond accordingly.

IT


Underpinning all of this change is the IT department. While not explicitly affecting these teams directly, GDPR has a dramatic effect on the way IT provides support. Internal software needs to be easy to use, data should be accessible in the event a request for data is received, and the use of hardware should be heavily audited. Privacy is now paramount, so systems such as authentication or encryption must be in place to prevent, or minimise the likelihood of, data breaches.

Data breach notifications

One consequence is that businesses, large and small, now find themselves required to report most data breaches that impact personal data. That means notifying both the Information Commissioner's Office (ICO) and the individuals whose data has gone walkabout.

"Loss of client data is a major risk to any business, and the stakes are only getting higher," said John Michael, CEO at iStorage. "The feedback from iStorage clients is that most data losses arise from human error, rather than any conscious contravention of the rules, or a lack of internal compliance effort." This implies that the shift in emphasis to pro-active self-review and analysis should cut mistakes and limit data losses.

"The increase in financial risk from the new penalties will also see greater investment in encryption technology and tools to reduce the risks arising from the human element," Michael suggested.


