The countdown to the enforcement of the General Data Protection Regulation (GDPR) has already started.
The regulation, which goes into effect 28 May 2018, will have a significant impact on organizations and their customers in all industry sectors across Europe and beyond. While the new regulation may bring compliance challenges, it will also enable some businesses to create a competitive advantage if they adapt quickly.
To prepare for GDPR and ensure full compliance by May 2018, you should start assessing the regulation’s impact on your business model and practices now. The first step is to determine your current level of GDPR readiness by analyzing how your organization manages personal information. Answering the following seven questions will guide you through this process and help identify the changes your organization must make to become GDPR compliant.
1. What kinds of personal information does your organization process?
2. Where do we store this data?
3. Who can access this information?
4. Do we transfer personal information among different systems or stakeholder groups?
5. How is this data secured?
6. Do we obtain consent to store personal information, and if so, how and where is it documented?
7. Do we have official processes or policies related to the collection or use of personal data?
When you start answering the above questions, you will discover that your organization’s personal information is likely stored in and transferred among many different systems, including email programs/clients.
Take, for example, our customers at AMPLEXOR. At a minimum, the GDPR will impact all clients using our Digital Experience and Enterprise Content solutions. Thus, we must quickly adapt to help our customers evolve and become compliant by the time the regulation goes into effect.
Join our GDPR workshops or contact us and learn how we are helping our customers become GDPR compliant by identifying and solving challenges the regulation may impose on their Digital Experience and Enterprise Content projects.
About the European Union’s new General Data Protection Regulation
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).
The GDPR will come into force on 25 May 2018. The measures included in the regulation will affect every organization dealing with private data of European citizens and the penalties for non-compliance can go up to 20 million euro or 4% of worldwide turnover.
The GDPR will introduce stronger restrictions on the way companies use and give access to personal information. Clear consent is required to store personal data, and every European citizen will have the right to access this information at any time or even ask to be forgotten.