- Does your organization:
  - Process the personal data of EU citizens?
  - Have a physical presence in Europe?
  - Have a web presence that provides goods/services to EU citizens?
If you answered yes to any of these, then you need to consider whether the GDPR legislation applies to your business and how you will comply. If you are already on the path towards compliance with the EU General Data Protection Regulation (GDPR), then you are further along than most organizations. However, if you haven’t started yet, you should be reassured that you can leverage Mavim to help you visualize and demonstrate your compliance with the GDPR in 2018.
What is the GDPR? Does it apply to my company?
The EU General Data Protection Regulation (GDPR) is legislation that will come into force on May 25th, 2018. The aim of the GDPR is to protect consumers and create clear regulations for organizations that store personal data. The GDPR ensures that personal data is stored with consent and for a duration that is in line with the reason for obtaining the data initially. The primary drivers behind the GDPR are the need for standardization and for consumer protection. In order to give businesses (in particular, multi-nationals) a clearer legal space to operate, the EU has chosen to create a data protection law that encompasses the single market. Additionally, many data protection laws were introduced before the advent of new technologies such as the cloud. By strengthening data protection, the EU hopes to increase consumer trust in the booming digital economy. The regulation applies if the organization that collects data from EU residents, the processor of that data (e.g. a cloud service provider), or the data subject is based in the EU. The European Commission defines personal data as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, home address, photo, email address, bank details, social media messages, medical information or a computer’s IP address.”
What is the impact of non-compliance?
This legislation introduces tougher fines for breaches and gives the individual consumer more say in what companies are allowed to do with their data. The heart of the legislation is data privacy for individuals. The fines associated with non-compliance run up to €20 million or 4% of annual global revenue, whichever is greater. Last year, Gartner put forth a strategic planning assumption predicting that 50% of companies affected by the GDPR will not be in full compliance with its requirements. However, current progress indicates that it is more likely that upwards of 80% of the organizations impacted will fail to be fully compliant by the required date.
What does that mean for your company?
It is highly unlikely that the EU will proceed to fine every non-compliant organization. What is likely to happen is that each industry will see at least one of its leaders receive massive fines. The desired effect, of course, is to scare organizations into compliance. Minor infractions will be overlooked as long as the organization in question can demonstrate that it is on a journey to becoming fully compliant within a reasonable time frame—the keyword here being “demonstrate”. Mavim provides a Microsoft-based software solution designed to help organizations visualize and demonstrate compliance with the GDPR. All relevant data and its organizational context (who is in charge of it, what its purpose is, where it can be found, etc.) can be stored and managed directly in Mavim, which allows you to stay audit-ready. When it is clear who does what, when and how, the auditor can quickly see that the business is compliant or is well on its way towards full compliance.