Information is the lifeblood of today’s business world. With timely and accurate information business decisions can be made quickly and confidently. Thanks to modern technology, today’s business environment is no longer constrained by physical premises or office walls. We can work on laptops, smartphones or tablet computers and with nearly ubiquitous internet connectivity we can work from any location.
This technology evolution allows us to be more productive and work with clients in many different ways. We can engage with them over the internet, visit their homes or offices, or they can come into our offices where their requests can be processed quickly and effectively. While bringing many benefits technology also brings with it many threats. With companies gathering more and more information on their customers to provide them with more services there is the increased risk of damage to those individuals should a company suffer a security breach. This information if improperly exposed could cause a lot of embarrassment to the people affected or, should it fall into the hands of cyber criminals, could have severe financial impact on them.
The European Union’s Data Protection Directive Data Protection is concerned about any information, either by itself or used with other pieces of information, that could identify a living person. This information could be items such as email addresses, passport numbers, driver’s license numbers, financial details, union membership, medical history or information relating to a person’s sexual, religious or political beliefs.
On the 15th of December 2015 the EU agreed to replace the existing EU Data Protection Directive with the EU General Data Protection Regulation (EU GDPR).
The EU GDPR brings in new obligations to companies that handle information belonging to individuals and this will come into effect over on May 25th 2018. Under the EU GDPR there will be a number of new rules for companies such as companies who process a lot of personal data will be obliged to appoint a Data Protection Officer, companies who suffer from a security breach will be obliged to notify “the supervisory authority” without delay or within 72 hours, and there will be fines for companies who are proven negligent in the case of a security breach, to name but a few.
This new rules will have implications for how businesses handle and secure the personal data entrusted to it by its customers and staff. While it will take time for the EU GDPR to come into full effect, it will also take time for companies to be properly prepared for that eventuality.
The following checklist will help you obtain better assurance regarding how your company is prepared for these new regulations. An incomplete or negative response to any of the following items means that area of risk needs to be addressed.