There are some big changes on the horizon when it comes to data protection. Whether your company is based in Europe or you do business with anyone who is, this will affect you. In May 2018, a European privacy law is due to take effect that will require changing the way companies do business around the world.
The General Data Protection Regulation (GDPR) will impose new privacy and data protection requirements on any organization that offers goods or services to people in the European Union, or that collects and analyzes data tied to EU residents – no matter where that organization is located.
This is an important step forward for individual privacy rights, giving EU residents more control over their personal data, which is precisely defined by the GDPR. It’s the first update to European privacy regulations in more than two decades.
1. Data Protection Officers
One requirement under GDPR is that certain companies must hire Data Protection Officers (DPOs). A DPO is responsible for informing employees of their compliance obligations as well as conducting the monitoring, training, and audits required by the GDPR. DPOs can be hired directly by the company or can be contracted from outside the company.
Whether your company will be hiring a DPO internally or working with a third party, the importance of this role is worth noting. The International Association of Privacy Professionals estimates that at least 75,000 DPOs will be needed to meet GDPR requirements, and that’s no small change for anyone doing business in or with Europe.
2. Detection and Notification
GDPR also requires organizations to report data breaches, in certain circumstances, to the relevant authorities within 72 hours of detection, along with notifications to affected individuals. These notifications must include details on the breach and recommendations for how individuals can mitigate the impact. Building and maintaining these detection and notification systems will be no mean feat for businesses. It will require significant investment in time and resources to provide these detection and notification services, but as more companies are being held responsible for the increasing number of cyber security hacks and data breaches occurring around the world, this requirement makes a lot of sense.
3. Risk Management and Mitigation
Lastly, companies must demonstrate that they have implemented risk management and mitigation measures, even in the absence of a privacy breach or customer complaint. Services such as periodic assessments to identify gaps in risk management and mitigation processes will be critical to help businesses prepare for and protect against very serious issues. It’s true that Europe is taking a strong stance in support of consumer data protection, but it’s also something that many consumers will look at as the future of data protection.
If your organization will not be making these big changes to protect consumers’ information, know that this level of attention will inevitably reach your region or country soon enough.