18 Jul 2017
GDPR: Be aware of your digital responsibility!
By: Stijn Janssen
When themes like big data, cloud computing and the internet of things (IoT) are part of your digital strategy and/or transformation, you are processing a lot of valuable information. It contains data about your employees, vendors and customers and opens doors to new opportunities and business models. It also comes with a great responsibility.
As your guide, we like to challenge you. Besides that, we want to make you aware of the risks regarding privacy policies, compliancy and security that exist within the digital transformation.
Since May 2016 the European Union agreed upon a new law regarding privacy of data. And this law will actually become effective as per 25th May 2018. The law is much more detailed on privacy of data than we were used to in the present situation. Basically, this law arranges that the control of personal data is assigned to the person this data belongs to (privacy by default). Employees, for example, can ask you to inform them what kind of data you have on them.
Not being compliant with this law will put you at risk for a fine of 20 million Euro or 4% of your global revenue. Not something you want to risk? Then you need to start paying attention, being aware and think thoroughly.
Recently, the world was shocked by the most horrible stories on the news. Sensitive, personal data was out in the open because of the WannaCry virus and several ransomware attacks. Unfortunately, these viruses and attacks are business models.
Besides, your valuable data can be interesting for black hat hackers as well. So protecting your data is key! The above makes it even more important to think and prepare on how to organize the safety of your data. In other words: make sure you have a policy in place first before you start your digital transformation.
Make sure you are aware of the data protection addendum (DPA) your software is providing you with and always document the changes you are making when it comes to personal, sensitive data you process, store and archive.
When you know where, when and why you have the data that you have, you can answer the following question.
Can you prove it?
The most important aspect of this privacy regulation is the fact that is to create a proactive awareness in your organization.
The following activities can help:
- Embed privacy into your internal communication strategy;
- Describe and assign a clear role and responsible person (DPO);
- Bring stakeholders together who are dealing with personal & sensitive data;
- Map the data fields & flows within your application landscape;
- Have a controller & processor agreement in place.
These actions will decrease the risk of getting a fine of 20 million Euro or 4% of your Global revenue. It’s all about being able to prove your proactive attitude towards dealing with privacy.
Start spreading the awareness
Let us make a bold statement about privacy, protection and security of your data: It needs to be part of your strategy. It has to be a recurring topic on your management and project meetings! Involve all departments in communicating the actions you take as an organization.
There are many blogs online regarding setting up new privacy statements or GDPR updates. Share these via a simple email or WhatsApp message with your teams to create awareness.
Talent Peaks can guide you to become more aware and ready for your digital responsibility.
Privacy Impact Assessment? Talent Peaks can guide you!
As your digital guide, we believe it is our obligation to point out responsibilities on everything within the digital transformation and so we value the privacy and protection of data.
Did you read all of the above and are you having any concerns or questions on how to take action?
Talent Peaks can guide you to become more aware and ready for your digital responsibility starting with a Privacy Impact Assessment (PIA).
- When starting a PIA (Norea approved standard) we will assess your system or project on eight topics that will give insights on the purpose and objectives of processing personal data.
- After analyzing your PIA we deliver an outcome document with concrete actions and measurements you can take which can help you improve your privacy awareness, quality, services, decision making and gaining trust of your employees and customers.
More information about our PIA offering? Please contact us!