The EU General Data Protection Regulation (GDPR) goes into effect May 25, 2018. Is your company ready?
TechRepublic's Dan Patterson met with Box's managing director of global legal services, Joel Benavides, to discuss how companies can prepare and comply with these new regulations. The GDPR is a mandatory regulation that affects all EU companies from big enterprises to small businesses that aims to unify and codify data privacy laws.
"Accountability is the name of the game," Benavides said. "You really need to show in fact that you are following the underlying principles of the GDPR." He suggested that companies begin preparing for the GDPR by carrying out a gap analysis to measure where they stand along the compliance path.
SEE: The General Data Protection Regulation (GDPR) (TechRepublic PDF download)
If companies are already handling data from EU customers, and those customers in turn have clients themselves, he said, then companies need to ask themselves, "Where exactly am I right now?' 'Do I have the right protections in place?' and 'Do I know exactly where the data in my system is going?"
Another concern for companies when it comes to complying with the new regulation is the cost involved. "There's a lot of things you can do without going into the market and spending a massive amount of money," Benavides said. Companies need to work with reputable, knowledgeable service consultants in their industry, he said. Companies must also show that they are using the means available to protect their data.
Companies need to make sure they have the appropriate technical measures in place, and that it's done in accordance with the GDPR. "Always keep in mind that you have to show in fact that you are following all those different steps, and that is exactly how you're going to show accountability."
- EU General Data Protection Regulation (GDPR): The smart person's guide (TechRepublic)
- 6 big data privacy practices every company should adopt in 2018 (TechRepublic)
- Microsoft offers a free assessment of your enterprise's GDPR readiness (TechRepublic)
- Achieve GDPR Readiness with Secure App and Data Delivery (Resource Library)
- As EU's General Data Protection Regulation (GDPR) looms, tech vendors ready pitches (ZDNet)
Leah Brown has nothing to disclose. She does not hold investments in the technology companies she cover.
Leah Brown is the Associate Social Media Editor for TechRepublic. She manages and develops social strategies for TechRepublic and Tech Pro Research.