The business world is leaving it too late to prepare for the data protection revolution

 

After four years of negotiation, on April 14 2016, the European Union adopted the General Data Protection Regulation (GDPR). It will come into force in May 2018 – now is the time to prepare.

The EU wants to reform data protection and cut red tape for businesses across Europe by bringing in a single set of rules. In addition, the Regulation aims to protect the rights of European citizens, giving them better control over their personal data.

Despite the Regulation coming into force there is increasing evidence that companies in the UK and Ireland are shockingly unprepared. And, in some cases, are alarmingly dismissive of the impact it will have.

It should be a debate that grips every business of every size across every sector – not just in the UK but across the whole of Europe. But many companies are burying their heads in the sand and playing a waiting game.

It opens up the possibility that many companies will simply not be ready when the Regulation finally comes into place inMay 2018. Guilty not only of underplaying the extent of the changes required but also of underestimating how long those changes will take to implement. We could also find a unique situation in the UK following the proposed EU Referendum – because with so many companies holding the data of European citizens it would be necessary to comply even if the UK was out of Europe.

We are not talking about a quick fix. Complying with the GDPR will not be as simple as installing a bit of software to make data accessible, editable and safe from breaches.

Instead it will involve a complete change of culture in many companies, a complete restructuring of information governance systems for others, re-appraisal of security settings such as encryption and serious levels of staff training. Privacy by design is another key proposal of the legislation so the principles of privacy have to go back to the architecture and design of new systems as well as changes to existing processes.

 

To continue reading please see link below.

https://www.crownrms.com/intl/en-gb/gdpr?country-banner=yes