On May 25, 2018, the European General Data Protection Regulation (GDPR) is due to take effect. Is your organization prepared? The GDPR will impact every entity that holds or uses European personal data both inside and outside of Europe. This means that nearly every website and application in the world could be affected.
It would be a huge mistake to ignore GDPR because lack of compliance could lead to hefty financial penalties. Gartner predicted that more than 50% of companies affected by GDPR will not be in full compliance with its requirements by the end of 2018.
What Is the GDPR?
The GDPR imposes new rules on companies, government agencies, and other organizations that collect or analyze data tied to EU residents. GDPR recognizes the rights that citizens have with regard to information that identifies them. The GDPR expands the rights of citizens, also referred to as data subjects, in the following ways:
- Only use personal data with permission and when there is
- Provide or correct personal data upon request
- Delete personal data upon request
- Transfer personal data securely between IT systems
The focus of the law is not where an organization is located but where the business activity occurs. Any organization that holds data relating to citizens in the EU must comply. This effectively implies that GDPR is a global law. If your organization does business, offers services, or performs activities on behalf of EU citizens, GDPR may apply.
Many organizations are fearful of what is to come and aren’t sure what to expect, but it’s important to get informed and act now to ensure that you’re in compliance. The following are some high-priority changes that can put you on track to compliance.
Appoint a Point of Contact for the Data Protection Authority
Organizations in the EU or outside of the EU that process personal data for the offering of goods and services to the EU, or that monitor the behavior of data subjects in the EU, should appoint a representative to act as a point of contact for the Data Protection Authority (DPA) and data subjects.
Carry Out a GDPR Audit
Very few organizations have identified every single process that involves personal data. Organizations with IT systems ought to go through their entire system portfolio to ensure that all of the systems comply. It’s important to note that it is companies that need to be GDPR-compliant, not systems, applications, platforms, or databases.
Prepare to Respond to Citizens Exercising Data Rights
Organizations should prepare for data subjects exercising their rights under the GDPR. Companies should be ready to handle data breach incidents and implement additional controls to adequately respond to data subjects who exercise their rights.
Add-On Products’ resource booking software Resource Central, which is based on Microsoft Outlook® and Exchange, adheres to Microsoft’s relevant GDPR settings. Resource Central can currently be configured as GDPR compliant by skilled database professionals. We determine where EU citizen data resides in Resource Central database tables and then construct relevant tools for our customers to enable them to comply with GDPR.
Let us help prepare you for GDPR, so you can be freed up to focus on your core business activities. To learn more about our GDPR-compliant software for resource booking and digital signage management, please sign up for a free trial or free online demo today!