As the countdown to one of the most important pieces of European legislation continues, new options are arriving to facilitate easy management of the new GDPR, data privacy and compliance environment, says Ashley Gatehouse.
For CIOs and those in IT management positions, the nature of compliance means that there is always something new to consider, including the impact of new legislation on the horizon. So, when the EU announced the final approval of its General Data Protection Regulation (GDPR) two years ago, the countdown began to one of the most important changes in data privacy regulation over the last 20 years.
Since then, firms have been in a race to align with the stringent new regulations that are set to reshape the way businesses think about data privacy and which replace the existing Data Protection Directive 95/46/EC.
One of the biggest problems faced by firms handling vast amounts of personal data is the scale of the task they face and the impact that the GDPR will have on their operating activities – one reason it’s important for enterprises to have a game plan and a partner they can trust.
The trouble is that for those that have yet to finalise their lines of risk assessment and decision-making, time is short.
If you think about the personal data you hold across various applications, networks and cloud infrastructure, the GDPR holds you accountable for that regardless of where it is stored. Not only that, but when asked, you must be able to explain the lifecycle of that data, and whether consent, if applicable, has been obtained or whether your organisation has a legitimate interest in using the data. When requested, you must also be able to remove all personal information, and you must be able to report any data breaches to the relevant supervisory authority within 72 hours of discovery.
However, the good news for data processors and controllers (DPOs) is that there are welcome options on the table that can quickly bring alignment and stave off the potential threat of those EUR 20,000,000 fines or bans on the processing of personal data.
As a starting point there are various free solutions that enable you to perform the first part of your risk assessment in determining whether or not you are ready for the GDPR by taking you through a series of questions relating to areas of the legislation. But once you’ve determined where you are on your journey what else can be done?
A platform, such as GDPR Infinity – as the name suggests – has been designed to help businesses and their designated Data Protection Officers (DPOs) move beyond deadline day with confidence by providing users with a comprehensive set of tools that enable a simple and straightforward long-term approach to data privacy and management excellence through a tailored self-service portal available via one simple subscription.
A key part of this process is its ability to provide enterprises with a Gap Analysis – the steps that need to be taken to enable alignment with GDPR. First and foremost, that provides an accurate analysis of where you currently sit as an organisation, indicating what solutions and controls must be implemented to bring you into compliance. Organisations will then be able to track progress being made across their four main areas of focus: Accountability & Governance, Lawfulness & Transparency, Security & Safeguards, and Verification & Assurance.
Yet GDPR Infinity is more than just a framework and tool for data protection officers. The inclusion of an Audit Manager solution enables the monitoring and tracking of compliance activities so that organisations can demonstrate in a timely manner how they are going about the management of personal data. When the auditors come calling, the ability to quickly correlate GDPR activities and accurately document evidence of firm controls from a central repository will be crucial.
By providing essential tools needed by DPOs and their equivalents when going about their daily tasks – and those set out in Article 39 of the GDPR in particular – the solution will save you hundreds of man hours by providing essential strategic management in terms of roles and responsibilities, as well as providing access to Policy Templates, Codes of Practice and Demand Generation of Records as and when required.
Consider the impact GDPR Infinity could have upon the processing of records and data processing agreements (DPAs) for firms needing to sign and create hundreds of these on a monthly basis. Remember, if you enter into a contract where processing of personal data is likely to occur, this applies to you. By using the solution’s own PDPA Creation Tool, called Agreement Manager, and, for internal business processing, Processing Manager, this can all be automated, allowing for the import and export of processing records that can then be directly annexed to the DPA. There is also Subject Access Request (SAR) Manager and Incident Manager to record when data subjects request access to data and if any breaches occur. Furthermore, for those tasks that need to be addressed on a yearly basis, GDPR Infinity provides an annual cycle of key repeatable tasks that must be performed.
Of course, the GDPR represents a fundamental shift in the way firms operate with respect to data privacy management, but rather than being viewed as a problem that needs solving, we believe it should be a way to further improve the relationship that businesses have with both their data and their customers. Solutions such as GDPR Infinity are designed with the future in mind and allow enterprises to plan far beyond this May’s deadline, giving them solid foundations for ongoing compliance plus data privacy and access excellence.