The General Data Protection Regulation (GDPR) has a much broader scope than the Data Protection Act (DPA). The new mandatory rules establish new and better rights for European Union citizens and stricter and more extensive demands in all areas of business organization.
Although its effective application and mandatory compliance will not take place until May 2018, it is advisable to begin a progressive and continuous adaptation of the company’s internal processes to the new legislation.
The GDPR establishes the principle of proactive liability, i.e. appropriate technical and organizational measures must be implemented to ensure and demonstrate proper compliance.
To improve customer confidence in its products and services and to achieve good management, the company must accelerate the implementation of certain aspects of regulatory compliance:
- Transform your governance and practices (new roles and processes).
- Protect structured and unstructured data throughout its lifecycle.
- Detect and report data breaches and leaks (within 72 hours after detection).
- Reduce IT and security costs.
The GDPR has a significant impact, affecting the organization as a whole, and how the company is structured around the data it collects.
Penalties for non-application or poor execution can range from 2% to 4% of the business volume, and can have consequences at the penal level.
The methodology for the implementation of the GDPR consists of four phases, with deadlines at the end of each phase.
Audit – Analysis of needs “As Is”
Analysis of data and verification of documentation for the study of the functional and legal needs of the company.
“To Be” Requirements – Adaptation of the company to the GDPR
Analysis of the requirements of the GDPR to detect the impact on the organization and the existing gap between the current and the required situation, ending with an implementation plan for the organization.
Implementation – Tool management
The previously detected needs will be addressed with action plans and the necessary tools, parameterizing KULTEO according to the client’s needs.
Adequacy and periodic audit
Periodic audits are carried out to verify compliance with the requirements established by the regulations, detailing the deficiencies found and the corrective measures.