The Compliance Clock is Ticking—Are You Ready for GDPR?
- February 15, 2018
- Posted by: Gary Evee
- Category: Compliance
Let’s face it: despite the fact that you’ve had 19 months, you are unprepared for the May 25, 2018 deadline. The GDPR deadline is fast approaching, and whether it’s because they don’t care, they’re overwhelmed, or they don’t know where to begin, most companies have not yet taken the steps required for their business to become compliant.
According to Forrester, “80% of firms affected by the GDPR will not comply by next May.” If you are one of the 1 in 4 organizations unprepared to be in compliance with GDPR by May 2018, it’s time to start implementing changes. But it’s been five years and a lot of breaches since GDPR discussions started, so perhaps a lot of us don’t want to be in compliance.
The consequences for not complying with the EU General Data Protection Regulation will be more than some companies can financially afford. The new regulation can very well end up placing a considerable amount of strain on the resources within an organization. For small businesses, dealing with these data collection and processing regulations will be overwhelming, if not crippling.
Now that we are only five months away from actual consequences, these realities might seem more alarming. It’s certainly not news that the GDPR sets forth the largest ever change to data collection policies across all sectors. So why isn’t everyone ready?
Because the goal of the regulation is to protect individuals’ personal data, companies will need to make significant changes to the way they collect and process data. That means sweeping changes to people, processes, and technology, which will require additional resources of both time and money.
Forrester said that 50% of those companies that are to date unprepared will try but fail at compliance. That’s no surprise. Because so many companies have evolved along with digital transformation, most organizations–even SMBs–engage in some degree of data collection or processing that involves the PII of EU citizens. SMBs need help with putting in the right controls and implementing the proper protocols to defend against cyber threats. Many organizations will have to undergo a complete overhaul of their IT security and data privacy program.
- Generate a complete picture of the personal data you hold and know who has access to it.
- Practice the principle of least privilege by limiting access based on business need.
- Implement monitoring to detect any unauthorised access.
- Understand what security controls you have in place to protect the data, how effective they are, and where the gaps are by performing an assessment.
- Look at people, processes, and technology to develop a roadmap to improve your security program.
- Develop and implement a personal data breach notification process that includes incident detection and response capabilities.
Whether you are trying to understand if GDPR will impact your business or you are struggling to find the right solutions to meet compliance mandates, working with a trusted partner can help. With industry-leading technology, Evee Security Consulting Group and our trusted partners can help to deliver customized solutions based on your business needs. Contact us to learn how we can help you develop a GDPR compliance roadmap.