EU GDPR: What does it mean for IT?

With less than twelve months until the EU General Data Protection Regulation (GDPR) comes into effect, IT departments in companies affected by the Regulation are going to be busier than ever.

The GDPR applies to any organization in the world that processes EU residents’ personal data. It will take its toll on IT teams – particularly as it mandates the revision and implementation of processes and procedures in order to achieve compliance. With the clock counting down to the Regulation’s enforcement, we’ve taken a look at some key things IT departments need to consider.

IT interaction with Cloud service providers

At the moment, the main challenge IT departments have with Cloud service providers is in controlling access to their data. However, when the GDPR comes into effect next May, organizations will no longer be able to rely on third parties to safely store or process their data sets on the basis of ordinary assurances. IT departments will therefore need to ensure that Cloud vendors are compliant with the GDPR when storing, securing, and processing data.

Internal IT challenges

When preparing for the GDPR, a major challenge for IT departments is in finding the right talent to fill the necessary positions.

For instance, the Regulation mandates that organizations hire, contract, or appoint a data protection officer (DPO) if they process high volumes of EU residents’ personal data. The DPO will be required to have a detailed understanding of the practicalities of data protection as well as the requisite knowledge of the legal aspects of the GDPR.

DPOs will also be required to establish good communications with senior management teams or decision-makers within the organization, as they need to make sure everyone understands what’s required to meet the Regulation.

If you’re interested in fulfilling the DPO role under the GDPR, you should consider booking a place on IT Governance’s Certified EU GDPR Practitioner training course >>

The course explains what’s required of a DPO and gives attendees a practical understanding of the tools and methods for implementing and managing an effective compliance framework.

Data breach reporting responsibilities

In the event of a personal data breach, the Regulation requires organizations to notify the appropriate authorities within 72 hours of becoming aware of the exposure. As a result, IT departments will have to take a proactive approach to preventing and reporting breaches. It’s important for IT teams to have an effective cyber incident response management plan in place that will guarantee a fast and comprehensive response to a data breach.

Find out more about IT Governance’s cyber incident response management service >>

In-house evaluations

To address the data privacy challenges imposed by the GDPR, IT teams will need to conduct gap analyses or in-house evaluations of their data protection processes and policies. Organizations can use a documentation toolkit to support these activities.

A documentation toolkit reduces the burden of developing the necessary documents to achieve compliance because it contains the full set of policies and procedures that organizations need to comply with the GDPR.

Purchase IT Governance’s EU GDPR Documentation Toolkit >>