The go-live date for the European Union General Data Protection Regulation (GDPR) is still over a year away, but due to the wide-reaching implications of this new legislation, organizations are, rightly, getting their business in shape now. Businesses anywhere in the world that process the sensitive data of EU residents are likely impacted by the regulation. With any new regulation comes the inherent challenge of figuring something out for the first time.
Here are the top 5 challenges we typically see as organizations get into their GDPR compliance programs:
- The EU Resident is The New Data Owner: The GDPR includes a broad collection of rights that EU citizens will be entitled to as a way to protect their personal data. This is leading to a pendulum swing back the other way, where the EU citizen is the data owner and companies need to learn how to operate in that world.
- Confidentiality & Sensitive Data Protection: Next are the concepts that outline the confidentiality and integrity of the data; these are the terms that stipulate mandated protections. Mainly pulling from Article 5 of the GDPR, these serve to define the data protection requirements.
- Notification Requirement: While owning up to a data breach is the right thing to do, GDPR puts the rules in place to determine what requires notification and when. This removes the element of company policy and creates a level playing field in the event things do go wrong.
- Privacy by Design & Default: This mandates businesses build in security and privacy by design and default. This includes developing, designing, selecting and using applications, services and products.
- Data Protection Officer: This new role is the central figure and he or she needs to be set up to succeed, once you find the right person. They will be given a seat at the leadership table, and must guide the organization to compliance and data security.
To hear more, watch our webinar about each of these challenges and the steps required to address them ahead of the May 2018 GDPR deadline.