Addressing the Elephant in the Boardroom: GDPR Preparation
Only 10% of UK boardrooms are involved in the General Data Protection Regulation (GDPR) compliance process right now, with only about six months to go until the GDPR becomes law, according to research from security software and solutions provider, Trend Micro. What’s more, 56% of UK organisations are unaware that email marketing databases count as personal information under the forthcoming regulations. Such ignorance could be catastrophic, as 73% of UK organisations do not know that GDPR fines for noncompliance can top out at €20 million, or 4 per cent of global turnover, whichever is higher.
Even though the 25 May 2018 deadline to comply with the GDPR is rapidly approaching, your organisation still has time to comply. To help you complete this process, implement the following practices:
- Complete the official GDPR self-assessment from the Information Commissioner’s Office (ICO).
- Review the ICO’s 12 recommended steps that you should take right now.
- Prioritise cyber-security at the highest level of your organisation by building cyber-governance into your organisational structure. Emphasise that cyber-security and GDPR compliance are the entire organisation’s concern, from board members down to interns.
- Review your organisation’s process for collecting clients’ consent. Whatever your process may be, it must provide an active opt-in. Additionally, keep well-organised records that clearly outline what individuals have consented to, what they were told, and when and how they consented.
- Purchase a comprehensive cyber-insurance policy, which can provide cover for management liability, reputational damage and privacy breach costs.