Connect with us

Big Data CIO

Companies are Unprepared for the GDPR

Published

on

The European General Data Protection Regulation (GDPR) replaces the Data Protection Directive (95/46/EC) and will ensure global protection of the data of citizens of the European Union (EU), wherever they work.

According to Gartner, Inc. more than half the companies affected will not be in compliance with the new rules. They advise organisations to focus on five changes:

1. Determine your role under GDPR

All organisations that process data will be labelled a “data controller” under these rules. This includes businesses outside the EU, which provide goods or services to the EU.

2. Appoint a data protection officer

Those organisations that process large amounts of personal data or are part of the public sector are likely to be required to appoint a Data Protection Officer (DPO).

3. Demonstrate accountability in all processing activities

Organisations must be transparent regarding any decisions affecting the storing and handling of any personal data. Outside parties must also comply with these rules. Organisations will need to ensure that subjects give consent to the storage and acquisition of their data and be able to provide evidence of this consent.

4. Check cross-border data flows

Data transfer within the EU will still be permitted, as will data transfer to countries that the EU has decreed to have “adequate” levels of protection. Outside the EU, organisations responsible for holding personal data on EU residents will need to comply with GDPR.

5. Prepare for data subjects exercising their rights

Under GDPR, EU citizens have the right to be forgotten, to obtain data that organisations have on them (data portability) and to be informed of any data breach. Organisations need to have adequate controls in place to comply with these demands.

Continue Reading

Copyright © The C Suite. The C Suite is published by Strategic Investment Ltd, Vale Road Studios, OCC, 105 Eade Road, London, N4 1TJ.