GDPR freight train coming one year from today – How to get ready
Exactly one year from today, the EU’s General Data Protection Regulation (GDPR) will come into force, and the way we handle personal data will change forever.
Its ramifications are global, mandating that all data used within firms, including data used in testing, must be anonymized and secure. This data regulation will affect not just companies that operate in Europe, but every company around the globe that touches data of EU citizens. Penalties for non-compliance are steep: up to 4% of annual turnover/revenue or €20 million, whichever is greater.
Given the many process requirements and the potential fines, organizations need to ensure they have a good understanding of the GDPR and how this affects their “Data Lifecycle.” Potential process and technology changes will take time to implement, so there is a clear need for organizations to continue to take broad steps toward full compliance as the deadline approaches.
A few key things to know about the regulation…
For organizations that store data inconsistently, for example in uncontrolled spreadsheets and across different environments, it will be extremely difficult to guarantee that there are no instances where data is being used beyond the stated purpose, or that data has been retained too long.
Think about that. The GDPR requires that organizations know exactly where an individual’s data is across their systems, so that it can be deleted upon request. Philip Bloor of Bloor Research gave three great examples of the massive challenge to implement this…
So how prepared are most organizations to comply with GDPR? In a GDPR study by Vanson Bourne commissioned by CA Technologies, respondents shared their thoughts on how they think the rule will affect them:
A summary of this data is found in this easy-to-read GDPR infographic.
Even though the clock is ticking, it is not too late to start or step up your journey toward compliance. This video shows specific tools that can be used to help organizations embrace GDPR’s principles. And earlier this week, CA hosted a webcast that is worth the watch, “Are you ready for the GDPR? One year out.”
Nationwide Building Society also recently provided a helpful example of how they are embracing GDPR requirements in an article in the UK’s QA Financial publication. Richard Jordan, Testing Service Practice Manager, talks about how they used CA Test Data Manager for a “Data as a Service” model in testing by delivering masked, subsetted, and synthetic test data to test teams that need it.
The time is now, and we can help. Check out CA’s GDPR microsite for more info on the complex provisions within the GDPR, steps you should be thinking about as you continue your compliance journey, and information on specific CA products and solutions that organizations can use to help manage their data inventorying, storage, and compliance needs.