The clock is ticking: Is your business ready for GDPR compliance?

Posted on: Thursday, December 7th, 2017

Whether you are a small business that sells customized T-shirts online, operate a digitally powered startup service offering SEO and digital marketing consultancy, or are a giant in the cloud-based service industry — your world is about to change because of the need for GDPR compliance.

Anybody who does business, or even engages with people online for business-like or networking purposes, has to store at least some sort of data related to its stakeholders. It could be a list of customers and their home addresses for an online retailer, the enterprise network details and employees’ lists of a company for a cloud service provider, and credit card information of millions of web users for a payments gateway solution provider. Data is power, it’s expensive, and it’s sacred. Data theft and privacy breaches are the biggest worries keeping business leaders and cybersecurity wizards awake at nights. That’s why the world is moving toward structured regulations for data security and privacy. Right at the pinnacle of this movement is GDPR (General Data Protection Regulation). This is a set of regulations slated to be put in place as legally enforceable by the European Union. GDPR is a consolidated set of rules and regulations around data privacy laws, and applicable to all members of European Union — and to any business or individual that exchanges data electronically with an EU citizen. The deadline for GDPR compliance is getting near: It’s May 25, 2018. If you haven’t come up with a GDPR compliance plan yet, you’d better get started. Like right now.

GDPR compliance: ‘The right to be forgotten’

“The right to be forgotten” is not some sci-fi breakup story; it’s one of the most contentious tenets of GDPR compliance. The right empowers any EU citizen to ask businesses to remove his or her personal data from their databases. It’s a nightmare in the making for business organizations.

A Veritas study recently showcased how several organizations were concerned that they didn’t have the capabilities to be able to search, identify, and erase personal data of any person from their systems. Purging or removal of anybody’s personal data poses significant challenges to all kinds of organizations. In most databases, such records are maintained in sequential order, and are cross-linked with several other databases. The maintenance of these cross-links is one of the key hygiene factors for databases. And by reviving one block from one database can render several nodes of interconnected data tables unstable. However, shortcomings that render companies incapable of deleting user information when asked to will also mean they are not in GDPR compliance.

Most organizations are mistaken when it comes to GDPR tenets related to the responsibility of data privacy and security. Whereas most organizations believe that their cloud service providers are responsible for ensuring data protection, it’s actually the “data controller” (that’s the organization that owns the data) that needs to ensure this.

Do you understand the nuances of ‘responsibility’ as defined by GDPR?

Now, there are cybersecurity and data science experts that recommend organizations treat these stringent measures as an opportunity. Businesses that nurture a culture of data protection, secure practices of data exchange, and information privacy, are also the ones that will be able to ensure complete data protection (as GDPR wants it).

However, many modern businesses have adopted hybrid cloud models, with multiple cloud platforms, vendors, and service models involved in the entire ecosystem. For such organizations, now’s the right time to ensure that all vendors are sufficiently aligned with the expectations of GDPR.

Are you keeping your data secure from former employees?

A key requirement of GDPR is that organizations need to implement strong practices to make sure that former employees are not able to access their systems. This includes locking their usernames and credentials in applications, removing their accesses to shared documents and drives of the organization, and making sure that their exit is subject to thorough documentation and system checks. Unfortunately, the fact that former employees and contractors are able to access their systems even after their departure from the company can put thousands of businesses at the receiving end of penalties from GDPR. So, make sure your organization starts building practices to ensure system sanctity.

Are you under false impressions you are already GDPR compliant?

Do you know what’s worse than not being GDPR compliant when the regulations become legally applicable? It’s the false impression of being compliant, and not making the necessary efforts because of the false beliefs.

In the Veritas survey we talked about, a group of respondents (representatives from organizations) claimed that their organizations were already in GDPR compliance. However, when specifically questioned about the regulations, they gave answers that contradicted their beliefs. In fact, the survey revealed that only 2 percent of the surveyed organizations were actually in a state of GDPR compliance.

Visibility of personal data loss incidents is surprisingly low among enterprises. A huge percentage of them are incapable of detecting and reporting a data breach within three days of such an event taking place. All these are deep pitfalls that any enterprise will find difficult to navigate as it tries to reach the safe side of GDPR.


Contact Us

AID Compliance Ltd.
106, Cospicua Road,
Paola, PLA 1902
+356 2149 9454
+356 9985 7158

Alternatively, please fill in the form below to get in touch with us.

Why AID Compliance?

What makes us different?

When someone asks, “What’s different about AID Compliance?”, the answer resides in our experienced professionals who are innovative and constantly involved in bringing fresh ideas. Ongoing training and education is one of the pillars of AID Compliance’s service to our clients. Our staff successfully implements effective compliance solutions tailored to each client’s needs.

Our one-stop-shop provides all the relevant services under one roof. Due to this structure, clients save time and effort and queries will be dealt with promptly. Any essential points can often be discussed in a more time-saving manner for the client as many material facts are already known to us through our ongoing advisory work.

Getting compliance right is important for all businesses. We know and understand the challenges you face.

Read More

Latest News

Let us keep you informed with our latest company updates, industry news, local and foreign articles.

Monday, February 12th, 2018

DUBAI (CNNMoney) - IMF chief Christine Lagarde says it's only a matter of time before cryptocurrencies come under government regulation. "It's inevitable," she told CNNMoney emerging markets editor John Defterios. "It's clearly a domain where we need international regulation and more »

Monday, January 22nd, 2018

Experts discuss the IT solutions that help businesses meet the EU's tough new data privacy regulation. In roughly four months, the European Union's (EU) General Data Protection Regulation, or GDPR for short, goes into effect. Businesses that aren't prepared for more »

Let's keep in touch

Enter your details below and stay informed with the latest industry news, articles as well as useful information.

We will not spam your email or sell your data to other companies. You may also unsubscribe at any time.