Get set for GDPR


By Rogelio Aguilar, Senior Consultant, Cyber Resilience, Security & Privacy, Sungard Availability Services

Last issue, we talked about what the new General Data Protection Regulation (GDPR) means for business. With the Regulation coming into force on 25 May next year, organisations need to prepare now if they are not to be in breach of it. In just nine months, a two-tier sanctions regime will be enforced, with breaches of the law leading to hefty fines of up to €20 million or 4% of global annual turnover, whichever is higher, levied by data protection supervisory authorities. But to focus on potential fines is to miss the point: what is more important is that implementing the GDPR well will give compliant businesses a real competitive advantage.

Research suggests that up to 61% of businesses have yet to wake up to the reality that, Brexit or not, the GDPR requirements are not going to go away[1]. The clock is ticking for organisations to act on what Information Commissioner Elizabeth Denham describes as “the biggest change in data protection law for a generation.”

She says, “If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”

The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights. Its job is to ensure that data protection law is respected; it will impose fines in pursuit of that goal, but issuing fines is not its purpose. The big question is how your organisation would measure up if the ICO were to conduct an audit or advisory visit. This is what the ICO is looking to see when it visits:

  • Senior management has taken ownership of data protection
  • There is a GDPR programme in place that has the necessary resources and involves all relevant stakeholders
  • A Data Protection Officer (DPO) has been appointed in those cases where it is mandatory, and that individual has access to senior management and can work without pressure being brought to bear
  • A Privacy Impact Assessment (called a Data Protection Impact Assessment in the GDPR) has been conducted for processing that is likely to result in a high risk to individuals
  • Areas of compliance have been documented
  • Areas that require further work have been identified and there is a plan in place to tackle them
  • There is a plan to deal with a data breach when (not if) it occurs, which includes:
      • A procedure to notify the ICO within 72 hours of becoming aware of the breach, where the breach is likely to result in a risk to individuals
      • A process to decide whether data subjects must be notified, and a mechanism to do so
      • Senior management being prepared to deal with the crisis that would arise

Sungard Availability Services can support you on your GDPR journey. Our consultants can help you establish a GDPR compliance programme, develop the business case and draw up a plan of action to gain competitive advantage by achieving cyber resiliency and regulatory compliance. To find out more, speak to your account manager, call 0800 143 413 or email avail@sungardas.com


Everything you wanted to know about GDPR but were afraid to ask

If you’d like to be prepared for the GDPR, you can find out everything you need to know at a Sungard AS GDPR masterclass. GDPR masterclasses are delivered by experienced practitioners who offer insights based on real-world experience across a range of industries. All our speakers have been selected because they challenge conventional thinking and cut through the waffle to give practical insights that can deliver a real business advantage.

During the one-day workshop, periods of round-table learning are consolidated by short, sharp, practical exercises built around memorable, relevant and up-to-date examples. Topics covered include:

  • The foundations of modern privacy law and the essential elements of GDPR
  • What is a Privacy Impact Assessment?
  • Personal data and consent: the pathways to lawful business
  • The rights of the data subject
  • Monitoring and profiling: the impact on businesses, IT and social media
  • Data Controller and Data Processor: their relationship and obligations
  • Exemptions and opt-outs
  • The Data Protection Officer: responsibilities, authority and accountability
  • International transfers, adequacy regimes, contractual mechanisms and Brexit
  • Key business issues: outsourcing, the Internet of Things, Big Data and the Regulator

Following the GDPR masterclass you will have:

  • Increased awareness of GDPR requirements
  • Improved confidence in your own abilities to judge the relevance of the legislation to specific business processes
  • Greater understanding of the behaviours expected in a Privacy by Design and Privacy by Default organisation
  • Improved teamworking at strategic, tactical and operational levels as you gear up for GDPR
  • A practical understanding of the requirements, role and responsibilities of a Data Protection Officer

To find out more or arrange a masterclass for your C-suite, call 0800 143 413 or email avail@sungardas.com.

[1] https://iapp.org/news/a/survey-61-percent-of-companies-have-not-started-gdpr-implementation/