The EU GDPR is one of the most substantial security initiatives in many years.
This is partly because the scope of the regulatory work in the EU has been comprehensive and a long time coming, and partly because the consequences of the EU GDPR have important implications for both the private and public sectors in Europe. The GDPR covers many things. One common denominator, and the overall conceptual framework behind the EU GDPR, is that it is considered an exercise in confidence. An exercise in confidence entails the registered party "lending" his or her sensitive data to the data controller, and the data controller acknowledging that confidence by taking care of the data and by always being able to explain, in a meaningful and understandable manner, the purpose for which the information is to be used. The last part has not always been standard practice in the past.
Some things are well-known in the new EU legal text. Others are completely new. In summary, it can be said that the EU GDPR contains many requirements on how businesses shall process and protect personal information, and which processes the businesses will apply. The many requirements set out in the regulation will branch out into individual organizations and call for new forms of cooperation between legal, IT, individual departments, and management.
A correct implementation first and foremost requires the correct administrative understanding and prioritization of the task. It involves, among other things, setting the requirements for your own organization's handling of sensitive information. It also involves setting out requirements for the organization's suppliers and for the systems they use for data processing. For many, the task of keeping the sensitive information they handle safe is nothing new. What is new is that the EU GDPR requires you to be able to describe how you intend to keep data safe before you go about doing it. Then, it must be possible to show ongoing compliance with your own policies, procedures, and guidelines.
However, just because data protection is imperative under the new EU regulation, that does not mean it’s unattainable. There is a method for compliance that ensures that organizations are meeting all the demands, and, at the same time, ensures that compliance does not result in an enormous administrative burden for those employees involved.
On this website, you will gain insight into some of the methods and tools that NorthGRC uses to help companies in both the private and public sectors prepare for the EU GDPR. If you’d like to hear more about how we can do the same for you, get in touch!