The new EU General Data Protection Regulation (GDPR) is only 119 days away – are YOU prepared?
On 25 May 2018, firms will have no choice but to obey the new regulations, as non-compliance could cost up to €20 million.
According to a survey carried out by Germany’s digital association Bitkom, only 13% of firms surveyed had begun or completed first measures to implement the GDPR, while 33% were still not prepared.
According to a survey in October 2017 by the German-speaking SAP-user group DSAG, SAP users in Germany, Switzerland, and Austria still did not have a plan for implementing the new regulations.
Those who cannot prove to the authorities that they are at least working on adapting their processes and tools in accordance with the requirements will be guilty of gross negligence and may rightly face penalties.
Here are some tips to prevent GDPR charges:
- Organisations must implement “Privacy-by-Design” and “Privacy-by-Default”, which require that data be collected anonymously or pseudonymously and processed in encrypted form.
- IT managers must minimise the chance of a cyber attack. If confidential information falls into the wrong hands, accidentally or intentionally, the result is not only economic damage; the potential damage to reputation should not be underestimated either.
- Email must be protected. Users must classify data according to the level of protection it needs, so that each outgoing message can be sent with an adequate level of security.
- Patient data must be sent as an encrypted attachment with a one-time password and a traceable acknowledgment of receipt.