With GDPR now just a month away from becoming law, preparedness is vital.
The new regulations are set to have a significant impact on many areas of your business, requiring a much tighter level of control over your data than ever before.
With many businesses apparently still unprepared for the new rules, what can be done to ensure your company is not caught out? We asked some of the technology industry's biggest names for their advice...
Hugh Milward, director of corporate, external and legal affairs at Microsoft UK:
"The ability to manage and protect data is not only a compliance necessity, it’s also important for building trusting relationships with customers."
"Forward-looking leaders see GDPR as a way to help build a data-driven culture in which each person – from interns to the chief executive – sees themselves as a data champion. They are using this opportunity to clearly communicate their vision of how data will take their business forward in a cloud-first world. This means ensuring all employees understand their role in using data responsibly to help customers, unlock growth opportunities and outperform their competition."
Chad Woolf, vice president, AWS Security Assurance:
"GDPR is important. You need to have a plan in place if you process personal data of EU data subjects, not only because it’s good governance, but because GDPR does carry significant penalties for non-compliance. Solving this can be complex, potentially involving a lot of personnel and multiple tools. Your GDPR process will also likely span across disciplines – impacting people, processes, and technology. Each customer is unique, and there are many methodologies around assessing your compliance with GDPR. It’s important to be aware of your own individual business attributes."
"Think about protecting data subjects and work backwards from there. Customer focus drives us to ask, “what would customers and data subjects want and expect us to do?” Taking GDPR from a pure legal or compliance standpoint may be technically sufficient, but we believe the objectives of security and personal data protection require a more comprehensive view, and you can most effectively shape that view by starting with the individuals GDPR was meant to protect."
Nigel Hawthorn, data privacy expert, McAfee’s cloud security business unit:
“Data protection is not a responsibility for the IT department alone. It should be a coordinated task for departments such as legal, marketing and HR in partnership with IT. Becoming GDPR compliant requires a combination of knowledge, processes, policies, technology and training, as well as detailed understanding of data flows to and from third parties and any cloud services you may have. Despite the regulation being just one month away, our recent research showed that only half of IT decision makers are confident that all of their cloud providers have a plan in place for GDPR compliance.”
“The GDPR is not intended to be considered an add-on set of policies and procedures changing how data is handled. Instead, all new systems must be designed from the ground up to take into account best practices for data minimisation. “Data protection by design and by default” mandates consideration of such things “at inception”, so building in security and privacy – while taking care only to collect the data required for the process involved – is essential.”
Sarah Armstrong-Smith, head of continuity & resilience at Fujitsu UK & Ireland:
“GDPR provides the perfect opportunity for organisations to drive their digital transformation. Indeed, when businesses invest in complying with GDPR what they’re really investing in is the quality of their data, its collection and analysis as well as its governance. After all, all companies are, to some extent, powered by data and in the future they will be totally data driven."
"As a key and valuable resource, that’s why it needs to be protected. Once you’re equipped to manage personal data effectively, you can do the same for all data that you care about. This might include strategic plans, customer information, financial results, intellectual property etc. Having the ability to leverage the true power of your data is the key to future profitability and, to put it bluntly, survival in a world of digital disruption.”
Mark Thompson, global privacy lead at KPMG:
“With a month to go till the regulation comes into force, many organisations are still scratching their heads as to what they need to do and should do, let alone consider the impact of third party suppliers."
"Come D-day, the reality is that early on we can expect that a few high profile examples will be made of non-compliant businesses, but perhaps not the tsunami some foresee. It is fundamentally important for businesses to realise that they need to get their houses in order for the long term, as privacy is not only important for the 25th May, but for life.”