Post written by
Dr. Rao Papolu
CEO of Cavirin Systems, a provider of continuous security assessment and remediation for hybrid clouds and data centers.
Few business IT topics since the days of Y2K have led to as much concern or confusion as GDPR. The General Data Privacy Regulation goes into effect on May 25, 2018. Businesses, governments and regulators have had two years to get ready for GDPR to become an enforceable regulation, but there is still genuine confusion about whether companies are actually ready.
How do you know if you’re ready? How do you know if you need to be ready? These are questions that could have some very serious financial implications for companies both large and small, no matter where the company is located.
If your business deals with personal data from a citizen of the EU, then your business falls under the requirements of GDPR. The regulation makes some distinctions based on a company’s role in handling data and how much data is handled, but it’s important to note that there is no exemption for small organizations: If your company (or other organization) collects or processes data from EU citizens located in the EU, then GDPR applies to you.
GDPR makes a distinction between those who gather personal information (“controllers” in the regulation’s language) and those who process the information (“processors” in the regulation). Neither gets a free pass from the regulation, but issues such as permission to gather information and data portability are handled differently for the two types of organizations.
New Officer Readiness
One of the points at which size makes a difference is in the appointment of a data protection officer (DPO). Larger organizations, or organizations of any size that either collect or process large quantities of personal data, must appoint a data protection officer responsible for GDPR compliance.
The office of the DPO will be a significant investment for organizations, because the individual in the office must be proficient at managing IT processes, data security (from prevention through response and remediation) and the critical business continuity issues around collecting, storing and processing sensitive personal data. In virtually every case, this will mean establishing an office and a team rather than simply naming an individual for the purpose of completing a form.
Policy Readiness