Preparing Now for the EU General Data Protection Regulation

By: Arieanna Schweber | 4/20/2015

The upcoming EU General Data Protection Regulation is set to drastically change data protection law for international organizations, including an increase in penalties for a breach to up to 2% of a corporation’s annual global turnover. To help you navigate the change, last week we shared a video series created by Absolute Software and our compliance experts, Jonathan Armstrong and Jerry Ferguson. The video series explores 14 questions surrounding the proposed regulation and how to become compliant, addressing how to prepare for future changes, top threats, and particular concerns about mobile devices and social media.

One of our compliance experts, Cordery lawyer Jonathan Armstrong, recently co-authored, with Cordery lawyer Andre Bywater, a post on the Cordery blog with additional FAQs about the EU Data Protection Regulations. These FAQs complement our own video series, answering questions such as “How many data protection regulators will I have to deal with?” and “My business is not in the EU, so will these rules still affect me?”

The post talks about the importance of “privacy by design”, which is a radical shift in how organizations approach data protection. Along with this shift will be a likely requirement to have a data protection officer, new data breach regulations, and audits. The post finishes with recommendations on what your organization should do now, which includes advice to:

  • Thoroughly review vendor contracts
  • Prepare to update everything, and prepare new detailed documentation and records ready to be produced for regulatory inspection
  • Review all key practical aspects such as data retention, destruction, etc.
  • Ensure that new requirements (explicit consent, the right to be forgotten, the right to not be subject to profiling) are all included in policies and procedures
  • Put in place a data breach notification procedure, including detection and response capabilities
  • Appoint a data protection officer
  • Put in place an impact assessment and/or risk analysis policy
  • Create compliance statements for annual business reports
  • Train staff on all of the above
  • Set up and undertake regular compliance audits

Absolute Computrace allows organisations to persistently track and secure all of their endpoints within a single cloud-based console. Computers and ultra-portable devices such as netbooks, tablets, and smart phones can be remotely managed and secured to ensure—and most importantly prove—that endpoint IT compliance processes are properly implemented and enforced.
