For many companies, GDPR has become a four-letter acronym.
The European Union’s new General Data Protection Rule – which applies to virtually any kind of data that can be used to identify a person – goes into effect May 25. And companies around the world are rushing to make sure they’re in compliance, or at least can demonstrate that they’re hard at work trying to meet the EU demands.
GDPR is designed to protect personal privacy, (hopefully) make companies more secure from data breaches and force them to get their collective hands around all the data they collect, use and distribute.
As CSO’s Michael Nadeau notes, that’s no small task. He and CSO senior reporter Steve Ragan joined Mark Lewis, IDG Communications vice president of audience development, and Computerworld Executive Editor Ken Mingis to discuss the ramifications of the new law.
As Lewis pointed out, even though the regulation comes from the EU, it affects U.S.-based companies, too – including IDG Communications. That’s why the company, which has a global footprint, has been working for the better part of a year to line up its data ducks in time for the new rule.
Many other firms, said Ragan, are only now beginning to realize how far behind they are in that process. His prediction: most companies won’t be fully ready, and some could be in serious trouble in the event of a breach. (Fines for non-compliance in the wake of a data breach could be as high as 4% of a company’s revenues.)
For companies still trying to figure out how to proceed, he and Lewis explained the kinds of questions that have to be asked (and answered). Even then, Nadeau said, the May 25 deadline is really just the beginning of a never-ending task for companies, because even if they lock down everything now, changing technology will mean an ever-evolving privacy landscape that requires constant vigilance.