Guest post by Pooja Dey, 3M Product Marketing Manager.
The single largest piece of advice from data privacy expert 3M on finalising preparations for the General Data Protection Regulation (GDPR) is: review everything now! The GDPR will fundamentally change the way businesses collect, store and use customers’ personal information when it comes into force on 25th May 2018, and according to the data privacy specialist, many businesses are underestimating the work involved in ensuring compliance.
The regulation will affect how businesses collect, store and use personal data, and businesses that do not comply or are found to be in breach can face a fine of up to 20 million euro, or 4% of annual worldwide turnover.
There are five key, practical measures to take in preparing for the new regulation, which comes into force in just a few weeks’ time.
Take Ownership and Take Action
Your internal GDPR team must take responsibility for reviewing existing data, for developing new procedures for collecting, storing and using data, and for ownership of the resulting policies. They will be accountable to the regulator in the event of a breach, so task this team with conducting final checks on all data, all material and all your company policies and privacy statements.
Conduct an Appraisal
Task your GDPR team with reviewing all personal data held by your organisation, including how you received it. Validate it and catalogue it as required, then perform a gap analysis to identify potential associated risks. Then evaluate all data privacy notices and policy and procedure documents for GDPR compliance.
Develop new Policy and Procedures
After you have mapped the data, it’s time to implement internal policies and measures that take into account Privacy by Design and by Default. The new or improved policies and procedures are designed to mitigate the security and privacy risks identified with existing data that may have been collected or held without proper authorisation, or to defend the company in the event of an involuntary security breach.
Implement training and review checklists for data protection across your organisation. Implement internal breach notification procedures and incident response plans. Ensure your communications teams, and anyone else with direct contact with current and prospective customers, are aware of the company’s new policy.
Assess the design of any open-plan working areas, particularly those of data-sensitive departments such as finance, legal, HR, pricing and so on. The mobile workforce is also at high risk of visual hackers accessing private, sensitive or confidential information for unauthorized use. Implement new security measures such as privacy filters to safeguard the display of information and mitigate exposure to visual hacking.
Surprisingly, of the 2 billion computers purchased in Ireland by B2B companies in 2016, only 1.5% have privacy filters!
Implementing good security practices will enhance visual privacy efforts, can prevent personal data from being compromised, and builds trust amongst consumers.
GDPR is fast approaching, so final measures should be taking place now to save you, or your company, significant costs and headaches further down the road.