GDPR is coming and, with it, a bevy of complicated regulations and requirements. When the General Data Protection Regulation goes into full effect on May 25, 2018, the global data protection and privacy landscape will profoundly change. With Subject Access Requests (SAR) and security changes piling up, will you be prepared to handle this data overload? Or will you get lost in the dark?
On September 20, we brought together legal, consulting, and tech experts to share their insights on GDPR during our webinar, GDPR: Don’t Be Left in the Dark. They shone a light on how to best handle unstructured data, a frequently overlooked component of GDPR strategy.
We understand there are still questions, so here are answers to viewers’ top 6. For more information on how to best prepare for GDPR, check out our webinar here.
Does the GDPR apply to EU residents, citizens, or both?
GDPR protects the data of EU residents. As an organization, you must determine what exactly that means and how to handle unclear cases—Americans working temporarily abroad, for instance. The strict definition remains as yet unclear, so setting reasonable and well-documented policies remains of paramount importance until regulators clarify the term.

Does GDPR apply to mom-and-pop shops or just organizations over 250 employees?
Size doesn’t matter. GDPR applies to any entity processing EU resident data. Certain record-keeping requirements and the Data Protection Officer (DPO) requirement, however, only apply to larger organizations. See Article 30 for more information.

Is any distinction made under GDPR between public and private sector organizations?
No. GDPR makes no such distinction.

Will the United Kingdom be included under GDPR?
Yes. Regardless of when Brexit occurs, companies in the United Kingdom will still need to adhere to and be compliant with GDPR.

How do organizations without an EU presence pick a regulator?
Organizations without an EU presence need to determine which nation’s regulatory body will govern them. It’s important that you carefully choose your lead regulator and begin building that relationship. In making your decision, you should consider such factors as existing relationships and connections, as well as the reputation of each regulatory body. Once you choose a regulator, they can help you develop proactive approaches to GDPR compliance before the full regulation goes into effect.

Where do I start?
Without first cleaning up data, you’ll never be able to comply with GDPR efficiently. Over half of employee data is redundant, outdated, and/or trivial (ROT) and largely unmanaged, creating risk when subject requests pour in. Every piece of information your organization holds matters under GDPR, so discovering what you have is a great place to start.
Although there is no silver bullet solution to ensure complete GDPR compliance, ZL Tech can help you take the first step by identifying your dark (unstructured) data across your organization as well as provide you with the tools to remediate this information in place.