The European General Data Protection Regulation (GDPR) takes effect on May 25, 2018. It aims to create a stronger, harmonized data protection legal framework throughout the European Union, giving citizens more control over their personal data while imposing strict rules on companies that host and process this data.
With that deadline fast approaching, a recent survey of 900 business decision makers worldwide shows that 86% remain concerned that a failure to adhere could have a major negative impact on their business. In addition, almost half (47%) fear they won’t meet the requirements of the legislation. Organizations are worried about the significant fines that could be levied, which could be as high as €20 million ($21.5m), or 4% of annual revenue.
Data protection has always been important. Now it’s becoming urgent. We have compiled 10 questions you should be asking to find out where your company stands in the process of adapting to the new rules.
- Are you aware that by May 2018 you must comply with the law?
- Have you put together a plan to ensure compliance? Be sure to include your Contact Center within the plan, as it uses and processes critical personal data, namely from customers.
- Have you appointed someone to lead this compliance process? Putting a top executive in charge and/or hiring a DPO (Chief Data Protection Officer) will be key to implementing a roadmap.
- Did you budget for the services and technology needed to put in place the processes and systems that will safeguard and manage the data, show compliance, and detect and react to any data breaches and leaks?
- Are you determining responsibilities and making sure that all the relevant teams and people are on board and aware of the need for GDPR compliance?
- Did you define your personal data processing purposes and legal grounds?
- Are you prepared if data subjects exercise their new rights?
- Are your privacy policies and notices in line with the GDPR?
- Are you prepared for a data breach? Do you have the processes and technology to detect, respond, investigate and notify?
- Are you aware that GDPR compliance and mounting data security risks mean that your organization must support continuous improvement based on a revised risk assessment? Companies must have privacy impact assessments and adopt “privacy by design” policies and systems.
And some final advice. Look hard at data protection in your company. The enforcement of the European General Data Protection Regulation from May 2018, coupled with the continued growth in data breaches, is driving the adoption of better data protection technology. Data is now the lifeblood of companies: personal data, financial data, intellectual property, all are critical for your organization.
This is driving the need for advanced data security technologies that operate wherever data resides — in storage, in use, via collaboration or analytics, and either inside or outside the traditional organizational perimeter that includes your contact center.
And don’t forget. Get GDPR Ready. We can help. May 2018 is right around the corner.