Curtain Going Up On GDPR

Companies have had several years to prepare for GDPR yet many still are far from being fully compliant. With the launch deadline nearly upon us, Alan Earls reports on some final thoughts for corporate preparations.

Maybe it is just that people are reluctant to face up to bad news, like an ominous diagnosis from a physician. Or perhaps it is the broad Atlantic Ocean, which seems like it ought to provide some insulation from the long arm of European law. Whatever the reason, most experts agree that companies on the North American side of the proverbial pond are too often behind the times in preparing for the consequences of the European Union's General Data Protection Regulation (GDPR), which sets a very high bar for privacy and data management. The regulation affects nearly every organization that does online business with citizens of the European Union, regardless of the citizens' or the company's geographic location. "If you process data of an EU citizen — even if your business is located outside of Europe or that individual is outside of Europe — you need to make sure you have systems in place to be GDPR compliant," says Christopher Rence, chief information, security, and risk officer at Digital River, a Minnetonka, Minn.-based global ecommerce, payments and marketing services company.

As with other amorphous business challenges that do not show up directly on the bottom line, motivation and communication are important. Organizational campaigns and general awareness training programs are a good way to generate buzz about GDPR and to prime staff on its wide-ranging requirements, notes Kevin Kish, privacy technical lead at Schellman & Company, Inc., a security and privacy compliance assessor. Longer term, an organization's first line of defense is the people who interact with customers. So, Kish says, it makes sense to build a tactical, role-based training plan with department privacy leads that addresses how each business unit should handle the data in its possession.

About the Author

Kevin Kish

Kevin Kish is a Privacy Technical Lead with Schellman & Company, LLC. With nearly 8 years of industry experience, he has a strong history of implementing, maintaining, and assessing global information security and privacy requirements, including ISO 27001, HITRUST, Privacy Shield and the General Data Protection Regulation. As an industry advocate, he is passionate about researching and writing on the fundamentals and concepts of sustainable data privacy, and about educating clients on the risks, challenges, and best practices around data privacy legislation. He holds several privacy designations from the International Association of Privacy Professionals, including CIPP/US, CIPP/E, and CIPM.
