[BreachExchange] Now That GDPR Has Arrived, Here Are 5 Ways Your Company Can Catch Up Fast

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jun 4 19:40:37 EDT 2018


https://insidebigdata.com/2018/06/02/now-gdpr-arrived-5-ways-company-can-catch-fast/

Everywhere you turn, companies are talking about the General Data
Protection Regulation and what it means for the future of advertising. How
will the EU enforce it? Who will be the first company fined for
non-compliance? Will enforcement be strict?

Despite all the questions, one thing is certain: GDPR is the beginning of a
larger trend in consumer rights and privacy. More frequent data breaches
mean more pressure from consumers for stricter protection. Corporations and
governments feel the heat, and new regulations won’t be far behind.

Until more countries enact GDPR-like laws, the burden of security remains
with corporations. The companies that provide customers with more access to
and control of their personal data will force others to follow suit. This
global competition is already underway, but if companies don’t achieve the
desired impact quickly, new laws will spur them forward.

Only time will tell whether GDPR protects customers, but its impact on
industry behavior is already palpable. In the future, we might look back
and see GDPR as the beginning of a trend or as the final step in shifting
market norms, depending on how the world responds now.

Businesses Most Affected by GDPR

Some sectors are more likely to be affected than others, including
hospitality, travel, software, and e-commerce.

The global reach of the hospitality and travel industries will demand close
observance of GDPR rules, especially if companies market directly to EU
citizens. Businesses in these industries also regularly gather personally
identifiable information and engage with consumers using that data, making
them prime targets for early GDPR impact.

In tech, software and e-commerce companies face the largest hurdles.
Depending on the platforms used, some companies face steep uphill climbs to
improve their data management strategies and capabilities in time.

Most large and public corporations have already taken the steps necessary
to comply with GDPR. Small businesses, however, still have a lot of work to
do. According to a recent survey, nearly two-thirds of American companies
doing business in Europe were unaware of the potential penalties of
non-compliance as recently as this year.

Companies will likely enjoy a period of leniency to adapt their data
collection and business practices, but that grace period won’t last
forever. Businesses will find newer, cleverer ways to entice users to
provide information, and other companies will copy those innovations. Users
might relinquish their right to removal in favor of the superior experience
companies with data can provide.

5 Ways to Prepare Your Company

Companies in the path of GDPR should be transparent with customers and
focus on their value propositions to avoid the brunt of the blow. If
businesses get that right, it puts the choice in the hands of customers and
builds trust. As a result, customers are more likely to exchange their
information for superior, personalized experiences. If you aren’t ready for
GDPR, follow these tips to prepare:

1. Get solid legal advice. Talk to lawyers to see whether your business
needs to comply with GDPR. The initial investment might be steep, but the
advice and action plan to save you from GDPR fines will be well worth the
cost.

2. Evaluate your timeline. Determine how quickly your business must comply.
If you need to address the issue immediately, break up the work into
blocks, and then attack in descending order of priority. If Europe is a key
future market, put compliance ahead of opportunity to avoid fees.

3. Standardize communications. Update your terms of service and privacy
policy to reflect your data collection and use policies. Even if you don’t
comply yet, clear communications and demonstrated progress could lighten
the blow from regulators and establish trust with your customers.

4. Enhance profile management capabilities. Even if you only enable the
option, open the door for users to request removals. Begin the process with
requests, and then solve the issue of complete removal during your future
compliance adjustments.

5. Apply for certifications. Self-certify for the EU-U.S. Privacy Shield
and Swiss-U.S. Privacy Shield. Go a little further and get your ISO 27001
(information security management) and 27018 (cloud data protection)
certifications, as well as your SOC 2 and SOC 3 certificates.

The full impact of GDPR will take years to understand, but in the meantime,
don’t be caught off guard. Companies that focus on compliance early will be
the ones who gain an edge over their competitors.