Top 5 GDPR Challenges for Tech Businesses
GDPR stands for General Data Protection Regulation, in case you are unaware what the most bandied-about abbreviation in tech (and business as a whole, for that matter) stands for. As of May 25th 2018, the new legislation set by the European Union means that organisations that process EU residents' sensitive data are likely to be impacted, meaning they will need to start thinking about whipping their compliance into place right now.
This throws up an abundance of issues for businesses to deal with. Some you are already aware of; others you are just about to become aware of. Whilst there are many, we look at what we believe to be the five biggest challenges businesses will face in the race to comply.
- Right to erasure
Also known informally as the right to be forgotten, this presents huge challenges for tech businesses. They must now ensure that each system that stores data has the ability to permanently delete data. Then there are issues with backups: how will you delete the data from your data backups?
- Broader definition of personal data
The scope of personal data is expanding to cover things such as IP addresses. These will need to be protected and managed in the same way as the previous scope of personal data was. With this in mind, do you even know what personal data your business holds anymore?
- Data Protection Officers
The DPO. Do you need one and, if so, where do you find one and how much will they cost? This relatively new role will become the central figure of your compliance if you go down the route of recruiting one. They will need to guide the company to compliance. Current estimates suggest that there will be a shortage of potentially 28,000 Data Protection Officers by the time GDPR comes into force in May 2018.
- Privacy by design
You will need to implement a new process to evidence privacy by design in your project and change processes. Does this now put standard frameworks such as ITIL out of date? The process will need to cover developing, designing, selecting and using applications, products and services.
- Mandatory breach notification
The regulation will make it a duty for your business to report certain types of data breach to the relevant supervisory authority. So with this in mind, what is your current breach notification process? Moreover, without a huge uplift in workforce, are the regulators even equipped to deal with the increase in notifications?
If you are a senior IT professional who would like more information on GDPR, then our Talking Tech event can provide this for you to take back to your business. BT’s Head of Security (UK Professional Services), Damian Kinney, will be addressing the necessary IT capabilities & controls to protect personal data before the forthcoming GDPR regulation comes into force. Book your place at the inaugural event on Thursday 19th October now!