Where to start with GDPR preparation?

Regulation comes into force in just a few months

Where to start with GDPR preparation?


By Lucy Hook

As the implementation date for the General Data Protection Regulation (GDPR) fast approaches, time is running out for businesses to make sure they are prepared for its arrival – and we already know that many feel underprepared.

A new report from Applied Systems, aimed at helping business prepare for the regulation – which comes into force on May 25 – called it “the most significant piece of data protection legislation to date.”

The GDPR strengthens individuals’ privacy rights by providing tighter limits on the processing of their personal data, significantly expanding the individual’s control and providing increased transparency into the nature and purpose of processing activities and how their data will be used, the report said.

“It is critical that all businesses understand the GDPR to remain compliant,” Jeff Purdy, senior vice president of international operations at Applied, said in the whitepaper, which suggests nine steps for businesses to take in preparation for the legislation’s arrival.

One of the first steps that organisations are advised to take is to conduct an information audit, the report advises.

“Know where personal data is held, where it came from, and with whom it is shared. An information audit is a key part of the data compliance requirements and should be performed on a regular basis, not just part of this guide,” it says. “It will also form part of the accountability principle, requiring organisations to show how they comply with the data protection principles.”

That sentiment is echoed by cybersecurity specialist firm ITC Secure, which advises that an overall set of good security principles will lay the right foundation for the GDPR requirements.

“Understanding what your data is, where it is, and who can access it are fundamental security principles,” ITC Secure’s director of cyber risk, Gareth Lindahl-Wise, told Insurance Business.

While the regulation “has received some negative press,” according to Lindahl-Wise, it’s a positive for information security. “This is probably the biggest regulatory stick we’ve seen that’s requiring that sort of focus,” he said.


Keep up with the latest news and events

Join our mailing list, it’s free!