EU General Data Protection Regulation (GDPR) compliance checklist
February 28, 2018
Far too many enterprises are unprepared to comply with the GDPR provisions, even though those organizations are liable for the consequences if they don’t. This checklist provides a baseline assessment of your company’s preparedness.
More on the GDPR:
A lack of awareness about the forthcoming introduction of General Data Protection Regulation (GDPR)--a new set of rules from the European Union that aims to simplify data protection laws and provide citizens across all member states with more control over their personal data--has led the UK government to issue a warning over businesses' lack of preparation for the change.
GDPR comes into force on 25 May 2018 and those who are found to misuse, exploit, lose, or otherwise mishandle personal data could potentially face huge fines: up to four percent of company turnover. Organisations could also face penalties if they're hacked and attempt to hide what happened from customers.
But despite the risks associated with not being GDPR compliant, a government survey has found that many organisations aren't prepared for--or even aware of--the legislation and how it will impact their security strategy.
Only one in four businesses in the construction sector are aware of GDPR, and awareness in manufacturing is also low. The finance and insurance sectors are said to have the highest awareness of the legislation.
Overall, the report says just under half of businesses, including one-third of charities, have made changes to their cybersecurity policies as a result of GDPR. Such preparations can include creating or improving cybersecurity procedures, hiring staff, and making concentrated efforts to update security software.