GDPR preparation: 2018 data protection changes

Changes to data protection rules will have major implications for your business

Who is responsible?

As Kaspersky's recent guide, Fighting fit: running rings around GDPR compliance, suggests, GDPR is a company-wide responsibility, and affects departments in ways that aren't immediately obvious.

Legal team

The most notable of these is the legal team, which already has to deal with a host of other regulations. Instead of managing everything, legal should be focusing on specific areas, such as contract management and supply negotiations. Those contracts that extend beyond the implementation of GDPR need to be revised and updated, while new contracts need to be built upon the revised regulations. The legal team will also need to ensure that suppliers are in compliance, and that their systems are robust enough to deal with information requests.

Sales and marketing

For most businesses, sales and marketing are at the front line of dealing with customer data. It is no longer enough to rely on pre-ticked boxes or customers who fail to unsubscribe from marketing material. Businesses must ensure their marketing teams are targeting consumers who have 'opted in' to receive that material, with accompanying consent text that is clear and noticeable. Sales teams need to keep an accurate audit trail of those customers who have decided to opt in.

Finance

The regulations will also significantly impact the way finance and accounting operate within a business. Enormous amounts of personal data can pass through the finance department, and the biggest GDPR fines tend to be issued to businesses that fail to secure this pillar. GDPR-compliant data breach notification systems must be in place to immediately report any issues, while automating some processes will help reduce a significant risk to security: human error. If you are lagging behind in GDPR compliance, it's worth noting you won't need to start from scratch with policies, as many can simply be updated.

HR

Even HR plays its role for a business to fully comply with GDPR. The regulations will enhance the rights of employees, giving them greater protection over their data. The department as a whole must, therefore, be as transparent with employee data as the business is with customer data. The legal justification of data processing needs to be made obvious in any dealing with employees or job applicants. In most cases, it may now be prudent to appoint an individual in charge of reacting to data breach incidents, as well as issuing regular training to employees to help them identify threats and respond accordingly.

IT

Underpinning all of this change is the IT department. While not explicitly affecting these teams directly, GDPR has a dramatic effect on the way IT provides support. Internal software needs to be easy to use, data should be accessible in the event a request for data is received, and the use of hardware should be heavily audited. Privacy is now paramount; therefore, systems such as authentication or encryption must be in place to prevent, or minimise the likelihood of, data breaches.

Data breach notifications

One consequence is that businesses, large and small, now find themselves required to report most data breaches that impact personal data. That means notifying both the Information Commissioner's Office (ICO) and the individuals whose data has gone walkabout.

"Loss of client data is a major risk to any business, and the stakes are only getting higher," said John Michael, CEO at iStorage. "The feedback from iStorage clients is that most data losses arise from human error, rather than any conscious contravention of the rules, or a lack of internal compliance effort." This implies that the shift in emphasis to pro-active self-review and analysis should cut mistakes and limit data losses.

"The increase in financial risk from the new penalties will also see greater investment in encryption technology and tools to reduce the risks arising from the human element," Michael suggested.
