Time is running out for organizations to prepare for the new Data Protection Regulation.
By now, organizations should be well aware that the EU General Data Protection Regulation (GDPR) comes into effect in the UK on 25 May 2018, and will severely penalize those not ready in time.
Non-compliant businesses based in, or operating from, the EU could face fines of €20m or 4% of their annual turnover.
Despite the prospect of such significant penalties, recent business surveys suggest the majority of UK businesses have not yet started preparing for the new regulation. Stephen Scott, our Senior Manager of Cyber Security and Information Resilience (CSIR), says the problem remains acute in large organizations, “where there’s more political complexity and it’s harder to get a compliance project kicked off”.
He continues, “There’s a general misconception that this is an IT or compliance-driven issue, when in fact it should be business-driven. It needs to be escalated to board level and addressed strategically to provide the necessary leadership and company-wide approach. This is a legal obligation and with less than nine months to go, it’s time to put your house in order.”
Initial key steps will need to include:
- Gaining senior management buy-in
- Identifying a project owner
- Allocating a project budget
- Identifying internal resources or external help, as required
- Scoping the project, including mapping where the organization solicits, stores or shares personal data
The success of the project is very much dependent on the accuracy of the initial scoping exercise. That’s where we can help you figure out what you need to do and assist you in building a project plan.
Further information on GDPR:
- Path to GDPR webinar series
- BSI Whitepaper on EU Data Protection Reform