Is GDPR compliance part of your IT plan yet? With all the personal data floating around now, the General Data Protection Regulation (GDPR) is Europe’s way of strengthening data protection and security measures to protect the personal data of EU citizens.
The European Commission is not sneaking up on you with this. The EU General Data Protection Regulation goes into effect on May 25, 2018 – one year from today – so you still have time to get your house in order. That’s why we’ve put together next month’s webcast titled GDPR Compliance Planning for Microsoft Environments, scheduled for June 22, 2017.
"But we have no offices in Europe. Does GDPR compliance affect our organization?"
GDPR compliance standards apply to companies based in EU member states, of course. However, they may also affect you even if you have no physical presence in the EU. Ask yourself these questions:
- Do we collect or manage data about EU citizens?
- Do we offer products or services to EU citizens?
- Are any of our employees EU citizens?
- Do we accept job applications from EU citizens?
If so, then you are almost certainly collecting and managing data on them. And if you have more than 250 employees, then you’re probably subject to the new regulation.
Don’t feel left out if GDPR compliance is not at the top of your hot list. A survey by Dimensional Research shows that many organizations lack awareness and preparation on the topic. More than 80% of respondents say they know little to nothing about GDPR. What’s more concerning is that 97% don’t have a clear readiness plan in place, and that half are skeptical that they’ll be prepared by the 2018 deadline.
Quick, convincing answers to main compliance questions
The advent of GDPR may not mean that more audits are coming your way, but it means you’ll need to be good and ready for them when they do come. You’ll need to demonstrate compliance at any time by showing that you can quickly produce clear, convincing answers to questions like these:
- Which personal data are you storing?
- Are you encrypting it?
- How sensitive is it?
- Who has access to it?
- Who approved that access?
- What has each approved user done with that access?
Keep in mind, though, that no native report automation in your Microsoft environment will meet those requirements. It may be easy for you to collect the data needed to answer those questions, but generating and distributing easy-to-read, audit-ready reports requires time-consuming, complex scripting.
Webcast: "GDPR Compliance Planning for Microsoft Environments"
On June 22, we’re conducting a webcast titled GDPR Compliance Planning for Microsoft Environments. We’ll explore how you can plan and implement a strategy to help address GDPR compliance regulations in cloud, on-premises and hybrid deployments of Microsoft products.
Whether you’re just starting to ramp up your preparation for GDPR compliance or are well into it, you’ll take away check-box items and to-dos that will put you well ahead of the curve.