GDPR Inclusion, An agenda for the Board
Countdown has already begun in the run up to the deadline of 25th May 2018. Business Leaders are starting to recognise the consequences of getting it wrong, the risks mitigated with non-compliance which result in tarnished public reputation and the financial penalties associated with breached data. On the flip side, getting it right will benefit business reputation demonstrating best practice and will be testimony to the Organisation’s responsibility to customers, alliance partners and employees when it comes to best practice.
Who falls within scope?
· Sales & Marketing
· Information Technology
The GDPR principles stipulate behavioural practices stating personal data can only be gathered for legal reasons under strict conditions and for the legitimate purpose intended. Legal, Sales & marketing, Finance, HR and IT will all fall within scope as data streams will be directly linked in practice where subject data is gathered, shared and stored under Service Level Agreements, Marketing initiatives, P11Ds, addresses and contact details and information security to codify rights to be forgotten and notifications on breached data.
What should you do to align your business with GDPR inclusion?
One of the biggest challenges Business Leaders face in uncertain times and a slump economy is allocation of budgets for GDPR compliance. Below are necessary steps to be taken in the wake of GDPR legislation next May 2018.
· If the organisation workforce exceeds 250 employees a Data Protection Officer (DPO) needs to be appointed
· Establish new procedures around information security and data breach notifications meeting the 72 hour deadline
· Begin dialogue with Suppliers and Vendor Partners to understand their processes related to data protection and GDPR governance codifying data deletion requests and “right to be forgotten”
The consequences of non-compliance under GDPR
New practices under GDPR will ultimately exercise two key elements to protect businesses from prosecution in the event of a data breach. These are;
· Right to be forgotten
· Accountability & record keeping
The ICO will look to organisations in the event of a data breach to demonstrate clear codes of conduct under ISO 27001 to protect against fines totalling 4% of global turnover or 20 million Euros if found guilty.
Irrespective of size of the organisation, such fines will not only be financially crippling, the public reputation and credibility will be at stake and possibly ruin any future prospect for the organisation bringing bad practice into the limelight.
Bearing in mind service level agreements between businesses and suppliers will share such responsibilities under GDPR inclusion, a public case to this magnitude will only result in resistance from future supplier agreements and alliance partnerships.
Need a GDPR expert to undertake a gap analysis?
At Amdas we are already engaged with businesses on GDPR campaigns working closely with GDPR experts that can facilitate your journey to achieve full GDPR compliance end to end.
Our GDPR experts can prequalify shortfalls in GDPR inclusion from an initial gap analysis through to project implementation working across the business functions faced with direct impact seeing it through to inclusion.