1 - Let’s get personal
What exactly is personal data? At first glance it’s an easy answer, the usual - name, address, date of birth. Right?
Personal data is any data item which could potentially lead to the identification of a specific individual. That includes items like click behaviour, IP addresses, insurance subscription type, voicemails you have left and books you have purchased; the list is endless.
2 - It’s all policy
While the regulation text and its implementation in your jurisdiction may be sufficiently explicit, each organisation is individual and operates within its own micro-environment. The policy adopted by your organisation may be more stringent, to reflect your industry and risk appetite, so it should never be assumed that the regulation is the final word. Focus on ensuring that employees know what the policy is; a policy is also more palatable to them than extracts from a regulation.
3 - Things change
Especially in the financial world, things change fairly rapidly. Today’s key risks as seen by the regulators may be redundant in six months’ time as our global technology evolves. Your policies may be top-notch as at September 2018, but don’t assume they will be in June 2019.
Capturing changes and adaptations continues to be one of the biggest challenges to our businesses today.
4 - Global reach
Just because you may be located outside of the EU does not mean GDPR is not something to consider. Each organisation must assess its GDPR requirements based on its own specific situation and shouldn’t assume that, because it is not in the EU, it is not impacted.
If your organisation deals with personal data from an EU citizen then you have to comply with the GDPR.
5 - Not all breaches are created equal
What is a data breach versus a data loss? When do we need to analyse, when do we register and when do we need to report?
Should the worst happen, you want to be as prepared as you can possibly be; sometimes an over-reaction is just as damaging as an under-reaction. Clear guidance, a set of instructions tailored to your business and realistic examples of situations which may occur can make a substantial difference to the future of your business.
The impact of the regulation in general, and on your business in particular, shouldn’t be underestimated. Legal, HR, IT and Sales & Marketing teams have different focus areas and touchpoints with the regulation. As part of our GDPR service offering we can provide tailored training to get employees aligned and aware of the impact of the regulation on their daily tasks - itself one of the GDPR requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.