The latest data rules, become enforceable in 2018. If you hold, move or transact with an E.U. citizen you will be subject to the GDPR (General Data Protection Regulation) law regardless of which country you reside in. Businesses and organisations need to plan for the introduction of the GDPR now.
Ignoring GDPR (General Data Protection Regulation) could have a serious negative impact on your bottom line. Fines for a breach of the GDPR will be up to €20m or up to 4% of global turnover, whichever is greater.
How could General Data Protection Regulation impact different sectors?
The Public Sector
More data will be subject to data protection laws, the higher level protections that apply to sensitive personal data will need to be applied to genetic and biometric data and existing consents may become invalid and new consents may therefore need to be obtained.
There will be more rigorous requirements for obtaining consent for collecting personal data, the age of consent for collecting an individual’s data will be raised from 13 to 16 years old and charities will be required to delete data if it's no longer used for the purpose it was collected
As reported in Retail Gazette, research carried out by Compuware in September 2016, identified that 77% of retailers are unclear as to how they will respond to GDPR. Worryingly, 71 % of retailers surveyed do not always know where their customer data is, while 24 % couldn’t ensure they’d find it at all!
“If they don’t have a firm handle on where every copy of customer data resides across all their systems, retailers could lose countless man-hours conducting manual searches for the data of those exercising their ‘right to be forgotten. Even then, they may not identify every copy, leaving them at risk of non-compliance.” Compuware Technical Director Elizabeth Maxwell.
General Data Protection Regulation and Multi Cloud Management
If you’re already running workloads in the Cloud, inbuilt Cloud and multi cloud management tools, can really help you keep on top of compliance targets.
Microsoft Azure, for example, comes with industry-leading security measures and privacy policies to safeguard data in the Cloud, including the categories of personal data identified by the GDPR.
Azure helps identify what data you have and control who has access. And this is a critical requirement of the GDPR. Read more about features such as Azure Active Directory (Azure AD) and Azure Information Protection.
For multiple clouds, a tool such as OCSL’s Cloud Control, can help manage and monitor your entire IT infrastructure. But it can also really help with compliance. Using one simple portal interface it’s possible to set up user rights and enforce policies across your entire estate. Watch our Cloud Control Demo
Getting Started: GDPR IT Checklist Questions
If you’d like to understand more about how Azure and Cloud Control can help you meet compliance targets, please get in touch.