As we ring in 2018, we are reminded that in less than six short months, the General Data Protection Regulation (GDPR) will go into full effect. This regulation will have a profound global impact on every company that handles or deals with the personal data of any EU citizen, regardless of the company’s geographic location. It is one of the most in-depth and sweeping regulations of modern times, and its intent is to strengthen and unify data protection for all individuals within the European Union (EU). The GDPR is set to go into effect on May 25th of this year.
I read a recent Forbes article titled “If GDPR Compliance Doesn’t Start with Information Governance, You’ll Probably Fail.” In the article, the author argues that while most of the attention to GDPR has focused on what’s called “consent management” – making sure organizations have permission to use the data they are collecting and processing – what’s just as critical is an organization’s ability to secure the data it processes.
Most organizations interpret Article 32 as a requirement to encrypt personal data, but the challenge is actually much broader, requiring a strong information governance (IG) foundation that enables organizations to identify where personal data exists and the risk associated with it.
Organizations must use information governance as the foundational framework for succeeding with GDPR compliance. This sentiment completely aligns with what we’ve been hearing from our clients who have been working hard to prepare for this regulation – you need to have a holistic approach for managing information by implementing policies, processes, metrics, and controls that treat information as a valuable and protected business asset. The author argues: if you are not taking this kind of holistic approach to GDPR, you’re probably going to fail.
Having helped numerous clients around the world on their path to becoming GDPR compliant, I encourage you to take the time to read the article here.