On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into effect, ushering in a new data protection and privacy regime. The GDPR gives regulators unprecedented power to impose fines (up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher), and its reach is extraterritorial: it applies to organisations outside the EU, including India-based companies, that offer goods or services to, or monitor the behaviour of, individuals in the EU. Because many IT & ITeS, pharma and financial services companies, among others, have increased their presence in the EU market in the last few years, the GDPR assumes tremendous importance for them.
The crux of the GDPR is to strengthen and unify data protection law for individuals within the EU and to govern the transfer of personal data outside the EU. It therefore protects against the misuse of any kind of personally identifiable information (PII) belonging to individuals in the EU, not only EU citizens.
The key findings from our Global State of Information Security Survey (GSISS) 2018 highlight that many organisations are not doing all that they can to protect privacy:1
have an overall information security strategy
have an accurate inventory of personal data
require third parties to comply with their privacy practices
limit personal data collection, retention and access to the minimum necessary
have put a chief privacy officer (CPO) or similar executive in charge of privacy
With less than two months remaining before the GDPR comes into force, organisations should assess their readiness for the new regime and prioritise the key areas where gaps would expose them to heavy penalties. We discuss the top 10 priorities that organisations need to focus on:
The date for the implementation of the GDPR is fast approaching. Organisations are advised to act on the above steps now in order to ensure compliance with the regulation and avoid hefty fines and penalties.
Partner and Leader, Cyber Security, PwC India
Tel: 022 66 691 559