The impact of the General Data Protection Regulation (GDPR), set to come into force will be heavy and far-reaching.
According to Paul Ferron, EMEA director of digital identity strategy at software company CA Technologies,no company is going to be able to fully insure themselves against fines.
He states that there is, simply, no technology that makes 100 percent compliance possible.
[GDPR compliance] first and foremost is a process… There are so many different aspects of the GDPR that you cannot buy a technology and just be compliant.
The GDPR should be treated as an agile programme: rather than getting yourself in order and closing it down until your next audit, it should be part of your ongoing considerations.
Every business will have work to do to become compliant. Once one piece of work is finished towards GDPR, you should move onto the next piece.
Many people believe that by simply showing regulators that you have made an effort to be compliant; any fines for a data breach should be mitigated.
The regulation itself is actually quite ambiguous.
Take The Right Steps
It’s going to come down to doing as much as you can; showing that you have taken the right steps and documenting those steps.
After that, it will be key to be able to show that the steps you took were sufficient, based on the risk you expect to face.
It seems to be that every week a new case is reported where a business’ data is compromised.
Once GDPR guidelines come into full effect, there will be far stronger punishments for companies who do not do enough to protect their data.
This will include data that is stolen because computer hardware is not properly disposed of.
If you would like to talk to an expert at Tier 1 about how we can help with the secure disposal of your unwanted IT then call us on 0161 777 1000.