GDPR: Who’s ready and how to get ready

GDPR (General Data Protection Regulation) is the EU’s new regulation governing data within its geographical jurisdiction or belonging to its citizens.

It comes into effect next May, and so far according to a W8 Data report in Research Live, only 25% of data is compliant and only 35% of companies have a data cleaning process in place.

The new regulation seems to me to be full of initiatives that most citizens would be pleased with. This includes a citizen’s right to access the data a company holds on them and to also delete it. Coupled with this, companies’ will have to ensure that they only take the data strictly necessary for a proposed process, and will have to make that data available to transfer to other services should the customer so wish.

GDPR will cover not only businesses in the EU but any businesses outside the EU who want to operate in the EU, and there’ll be stiff fines in place for ignoring it.

Organisations are starting to suit up with the UK’s Home Office appointing a data-protection officer, which perhaps suggests that the UK will be mirroring this legislation onto their statute books during the Brexit process.

And Scott Simpson, founder of the Security Circle, has suggested that with 9 months left until the law is passed, time is running tight and businesses need to jump into action now.

Simpson is quoted as saying “GDPR will be far-reaching and ruthlessly enforced, it is the vehicle by which the UK Government will ensure organisations are cyber resilient so companies shouldn’t think they are too small or their data ‘too insignificant’ to be of interest to the Information Commissioner’s Office.”

So what does one do? Solutions abound, companies like FileFacets allow companies organise information by creating PII (Personally Identifiable Information). PII is “data containing information such as Social Security Numbers, credit card numbers, or other private information that could be used to identify an individual [that] can easily be recognized and securely segregated, or migrated, if necessary.”

Further, companies like ManageEngine usually provide helpful run-downs of the new laws, how it will affect companies and what needs to be done about it. Most businesses which provide a solution are now using a countdown clock until next May. And they usually provide multiple tools to tackle what is a complicated problem.

Companies have amassed huge quantities of information in order to have as much as access as possible, as often as possible. I have worked for companies where we have only ever used 15% of our total database. Not only did we have a lot of companies in our database we didn’t use, but it made the whole system slow and reporting unwieldy.

Though these new regulations will be difficult initially for everyone to adhere to, it may well be the case that companies operating in the EU henceforth find it much easier to integrate and work with each other since all will have to standardise their databases.

Whatever happens, these new laws look to be the type of thing which will be very popular publicly – the kind that might become loved almost as soon as they’re implemented. I would imagine that within a year or two of the laws being put in place companies caught offside with GDPR could be seen as just as unpopular as companies who do not pay their taxes.