Even though GDPR has been in force since May 2018, a Gartner report says that many organizations are still not compliant.
Facebook lost 3 million daily active European users between Q1 and Q2 after the General Data Protection Regulation (GDPR) took effect in Europe in May 2018.
Google, which recently announced its earnings, did not cite any significant revenue loss or customer issues in Europe.
A Trends Report from the British software and services company Advanced also showed that 25 percent of organizations were either unprepared for or unaware of the incoming changes.
Though the risk of fines of up to €20 million or 4 percent of annual turnover has caught the attention of CIOs, organizations still need to work their way toward GDPR readiness.
CIOs need to understand their organization's current capability and how much it must improve, in order to deal with the consequences of being neither responsible nor up to date.
Hence, organizations in all sectors require a Data Protection Officer (DPO), who helps manage and monitor all forms of audit, data transfer, legal matters and assessment. The DPO ensures that data is identified and keeps track of sensitive information on an ongoing basis.
This helps differentiate and identify the different types of data an organization holds and every connection it makes with other sites, companies and services.
Some organizations have also developed a risk assessment system in which applications are programmed for Passive Scanning. This system requires no human assistance and ensures that no data is stored, processed or transferred without appropriate GDPR security controls.
In the same context, organizations have also started using other systems that record every data holder and every other user the data is transferred to, making sure this is done in compliance with users' consent and, in turn, with the GDPR requirements.
Overall, this will decrease the chance of fines being initiated and protect the reputation and profitability of the organization.
Another risk of not being GDPR compliant is the assumption that only technological improvement is required, forgetting that internal policy and processes, including employee knowledge and training, must also be addressed.
CIOs must also ensure 100 percent consent among their users. What's more, users retain the right to have their data erased and forgotten.
Organizations risk being pulled into infringements that may disrupt adherence to their programs and their goal of maximum profit. With the GDPR already in play, however, they need to up their game a hundred times over by constantly checking that every piece of data has the user's consent and that every process is within the rules of GDPR compliance. With time and effort, organizations will slowly learn to cope with such rules, provided that CIOs keep a keen eye on their organization and its systems.