The EU General Data Protection Regulation (GDPR) goes into effect May 25, 2018. Is your company ready?

TechRepublic’s Dan Patterson met with Box’s managing director of global legal services, Joel Benavides, to discuss how companies can prepare for and comply with these new regulations. The GDPR is a mandatory regulation that aims to unify and codify data privacy laws, and it affects all EU companies, from big enterprises to small businesses.

“Accountability is the name of the game,” Benavides said. “You really need to show in fact that you are following the underlying principles of the GDPR.” He suggested that companies begin preparing for the GDPR by carrying out a gap analysis to measure where they stand along the compliance path.

If companies are already handling data from EU customers, and those customers in turn have clients themselves, he said, then companies need to ask themselves, “Where exactly am I right now?” “Do I have the right protections in place?” and “Do I know exactly where the data in my system is going?”

Another concern for companies when it comes to complying with the new regulation is the cost involved. “There’s a lot of things you can do without going into the market and spending a massive amount of money,” Benavides said. Companies need to work with reputable, knowledgeable service consultants in their industry, he said. Companies must also show that they are using the means available to protect their data.

Companies need to make sure they have the appropriate technical measures in place, and that this is done in accordance with the GDPR. “Always keep in mind that you have to show in fact that you are following all those different steps, and that is exactly how you’re going to show accountability.”
