In May of 2018, the General Data Protection Regulation will become effective. It will fundamentally change the manner in which organizations manage consumer information.
But numerous surveys suggest that most organizations know little about how the regulation will impact their operations and are not prepared for its implementation.
With the threat of substantial financial penalties for non-compliance, the time for waiting has passed. Indecision and a lack of action could have a significant impact on an organization’s bottom line and do even greater damage to the brand.
Preparing for GDPR: Changing the Way You Think About Data Protection
Early this year, Elizabeth Denham, the UK’s Information Commissioner, emphasized the role of “accountability” as the key driver of the GDPR. In her address to the Institute of Chartered Accountants in England and Wales, she stated that “We’re all going to have to change how we think about data protection.” While she noted that it is similar to the current data protection law, she made it clear that “…this one’s a game changer for everyone.”
The GDPR is essentially about giving consumers more control over their data, and more rights to be informed about how that data is used.
For example, the consumer will have the right under Article 17 of the GDPR to have their personal data deleted if there is no compelling reason for an organization to maintain the information.
The consumer will also have a right to data portability under Article 20. That is, the ability to port their personal data for their own use or to port that information across service providers.
There are also new requirements for the reporting of data breaches to both the ICO and the individual consumer, and special protections for the transfer of data across EU boundaries.
Further, organizations will have to prove that consent to process personal data was freely given, specific, informed and unambiguous. Denham specified that “a pre-ticked box will not be valid consent.”
Most importantly, it places a demand on organizations to “understand the risks that they create for others, and to mitigate those risks.”
It is fundamentally about establishing trust with consumers in a sustained way.
Facing the GDPR Compliance Challenges
So, it is clear that the ICO (Information Commissioner’s Office) is serious about enforcing the regulation, and with its effective date less than a year away, many organizations are struggling to implement solutions to bring themselves into compliance.
Failure to get it right will elicit financial penalties designed to be “effective, proportionate, and dissuasive” (€10 to €20 million or 2% to 4% of global turnover).
At Nuxeo, we are revolutionizing the way in which organizations secure and manage information.
We recognize that legacy content services products are costly, lengthy to implement, difficult to modify, and do not scale effectively up and down the organization.
With our cloud-native, open source, content services platform, Nuxeo gives organizations the ability to address their GDPR compliance concerns in a fraction of the time it takes to implement traditional legacy products.
Whether deployed as a stand-alone solution, or integrated with existing business applications, Nuxeo gives organizations the tools they need to deliver on the accountability and transparency requirements of the GDPR.
As Denham stated in a very profound manner, “we need to move from a mindset of compliance to a mindset of commitment: commitment to managing data sensitively and ethically.”
For further information on how Nuxeo can help you comply with GDPR, contact us.