The EU’s GDPR (General Data Protection Regulation) comes into force on 25 May 2018, and many organisations are still scrambling to get their ducks in a row. GDPR will apply not only to companies based in the EU, but also to any organisation that handles data pertaining to EU-based customers or businesses. Non-compliance with GDPR’s breach notification regulations will carry fines of up to €20 million or 4 percent of a company’s global annual turnover in the preceding financial year, whichever is greater.
Many CIOs will be challenged to get ready in time. Large companies started their initiatives 1-2 years back and will be on track, but smaller and midsize companies with immature security practices will struggle to be ready in May 2018. The plus side is that GDPR will force many companies to assess their wider data security practices, and hopefully this will lead to more robust practices being in place against future cyber security attacks.
If you are still wondering when, where and how to get started?
The answer is a ‘Readiness Assessment’.
Conducting a readiness assessment is a way to ensure that internal processes and technology are effective at meeting the guidelines and that you are compliant. The benefit of the assessment is that the processing organisation is able to demonstrate which data protection capabilities are in place and what their status is (green, amber or red). The readiness assessment should be more than a checklist stating which capabilities are implemented; it should also identify any gaps. Typically, stakeholders from various departments contribute during a series of workshops. These cross-organisational discussions help identify existing data protection capabilities as well as risks across various attributes such as principles, policies, processes, procedures, standards, architecture and technologies.
If you need help with this assessment, please do not hesitate to get in touch; we can complete it in a few days.