Today (25th of May 2018) the GDPR is coming into effect in the European Union. This is going to have a massive impact on the way businesses operate and store customer data.
EU citizens (and even some NZ citizens/residents) will have recently received a number of emails where organisations are asking for continued consent to use their data. This is due to the General Data Protection Regulation or GDPR.
The GDPR is a new set of rules designed to give EU citizens more control over their personal data and establish one single set of data protection regulations across Europe. While these regulations are focused on the EU, organisations outside the EU are also subject to them whenever they offer goods or services to, or monitor the behaviour of, individuals in the EU (the regulation protects anyone located in the EU, not only EU citizens).
Organisations are required to implement appropriate technical and organisational measures in relation to the nature, scope, context and purpose of handling and processing personal data of EU Citizens.
Companies are also required to report any breach of security "leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed." In any such incident, organisations are required to notify the appropriate supervisory authority "without undue delay and, where feasible, not later than 72 hours after having become aware of it". In practice this means you need a tested incident response process in place before a breach happens, since 72 hours is not long enough to design one from scratch.
There are huge penalties for organisations found to be in breach of the GDPR, ranging from up to 10 million euros or two percent of the business's worldwide annual turnover (whichever is higher) to up to 20 million euros or four percent of worldwide annual turnover (whichever is higher), depending on the infringement.
To ensure your business does not infringe the GDPR, data protection safeguards must be designed into your business practices and the services that your business consumes. These safeguards must be appropriate to the level of risk associated with the type of data held. They can include:
- Encryption (and pseudonymisation) of personal data
- Ensuring the ongoing confidentiality of personal data
- Maintaining the integrity, availability and resilience of the systems that process it
- Restoring availability and access to data in a timely manner in the event of an incident
- Having a process for regularly testing, assessing and evaluating the effectiveness of these measures
The likelihood is that similar laws will soon be drafted and come into effect in New Zealand. Our Trans-Tasman buddies over in Australia have recently made changes to their Notifiable Data Breaches (NDB) scheme to bring it more in line with the GDPR, so we will not be too far behind. Our suggestion is to start implementing GDPR guidelines in your organisation now so that you are prepared once New Zealand adopts similar legislation.
How we can help
Lucidity can help your business by moving it to the cloud. Our Managed Services platform can help your organisation set up safeguards to protect valuable data from security breaches. These safeguards can be implemented for your data in an on-premises, hybrid or full cloud deployment.
Lucidity can also help you develop a continuous IT delivery solution which will help you focus more on your business rather than focusing on IT. We are a local company based right here in Auckland with a friendly team delivering world class service. Get in touch for an obligation free discussion as to how we can help your business.