The introduction of the General Data Protection Regulation (GDPR) on 25 May 2018 will mean big changes to the way companies manage personal data.
The implications and impact are set to be so significant, in fact, that a major part of the keynote on Wednesday 12 July at Microsoft’s flagship partner event Inspire (9-13 July) was devoted to GDPR and Microsoft’s approach to supporting customers in becoming GDPR compliant.
The new regulation will give EU citizens more control over their data, through the following rights:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
- the right not to be subject to automated decision-making including profiling.
But GDPR is not only about enhancing data privacy; it is also designed to ensure greater data security, and will command hefty penalties for breaches – up to 4 percent of annual global turnover or €20 million, whichever is greater. The consequences of non-compliance could, therefore, be financially devastating for a business.
Microsoft has a four-pillared approach to helping customers become GDPR compliant:
1. Discover – identify the personal data you hold, and where it resides
2. Manage – regulate and control how that personal data is used and accessed
3. Protect – set up appropriate security measures to ensure you can prevent, detect and respond to vulnerabilities and data breaches
4. Report – create and maintain relevant documentation, manage data requests and breach notification requirements.
The BBC’s article published 7 July, "Could new data laws end up bankrupting your company?", reports Mark Thompson, a partner in KPMG's privacy advisory practice, commenting, "Many businesses have no idea what to do and don't want to grasp the nettle," which is why Cobweb has published an eBook, GDPR: A Guide for Business.