5 ways to prepare for the new EU Data Protection laws

The biggest piece of news in the Data Security industry this year is going to be the introduction of the new EU General Data Protection Regulation (GDPR), which will likely come into force later this year.
Compliance with these new laws is mandatory for every organisation with over 250 employees which handles data belonging to citizens of the EU, even if the company handling this data does not reside in the EU.
Fines for breaches of these regulations go up to 5% of Global Annual Turnover per incident.
Worryingly, research reports* undertaken at the end of last year highlighted that the majority of corporate IT teams are completely unprepared for the EU GDPR.
With the beginning of a new year, now is a great time to take a detailed look at the upcoming legislation and start taking steps to ensure your organisation is compliant.
Here are 5 useful ways to prepare your organisation for the upcoming EU GDPR:

  1. Ensure your organisation has an up-to-date Data Protection policy. This might seem like a very obvious first point, but many organisations have data protection policies which are out of date. Perhaps you haven’t considered expanding your policy to all your cloud-hosted data (or assume your cloud provider is handling this), or perhaps you are using outdated solutions or software products?
  2. Appoint a Data Protection Officer. Article 35 of the EU GDPR states that any organisation with over 250 employees must appoint a Data Protection Officer. It might be that you already have an internal information security team, but you will need to ensure that one person is officially responsible for your organisation’s compliance with all aspects of the new legislation.
  3. Review your Data Security Policy. The main changes coming with the new EU Data Protection laws are around the erasure of data from your systems, with “the right to erasure” (formerly “the right to be forgotten”) one of the key drivers of the reforms. Ensure that your Data Security Policy falls in line with the new legislation.
  4. Identify the range of devices that store data. Another key driver of the EU GDPR is the massive change we’ve seen in the last 10 years in the types of devices that now store data. A smartphone can currently hold up to 160 GB of data, which is the same size as the average corporate PC hard drive 5 years ago. Ensure that all your data-holding devices (PCs, servers, USB drives, mobile phones) are covered under your data security policy.
  5. Don’t wait around! Whilst regulatory enforcement of the EU GDPR isn’t likely to occur until 2017, the regulations are expected to be in effect later this year. There have also been numerous large corporate data breaches in the news over the past 12 months, born largely from outdated data security policies, so now is the time to take action.
53 Moss Road, Banbridge, County Down, Northern Ireland, BT32 3NZ, Tel: +44 (0)28 4065 1009. Copyright EOS IT Solutions 2016.