As we mentioned before in our recap of the proposed legislation, the European Union General Data Protection Regulation (GDPR) will have far-reaching consequences for both cloud-consuming organisations and cloud vendors. And with the ratification of this piece of legislation, security teams will have to begin the process to comply (if they haven’t already!).
A recent survey by TRUSTe found that only around 50% of organizations around the world are aware of the GDPR, with around 65% of those aware having already started preparing for it. For larger companies, this means it’s a game of catch-up to be fully compliant within the two year timeframe. Requirements such as hiring a data protection officer (DPO), documenting security procedures and processes and ensuring you can delete data when the purpose of use has expired will require the full two years to comply.
So what’s changed since we last wrote about this piece of legislation?
Other changes include adding biometrics to the list of ‘special data’ and making greater provision to protect childrens’ data.
With the complications presented by the cloud and shadow IT, personal data will be even harder to track and control. The security teams of data controllers will have to carefully create and document processes, policies, and products to ensure data subject rights and data security of processors. Let us know your thoughts on what the new regulations mean to your industry – join the discussion by tweeting at our Twitter handle @netskope.
For more resources on the GDPR and what your organization needs to do to be “cloud-ready” for 2017, check out our white paper written by European privacy and legal expert, Jeroen Terstegge, and our GDPR cloud compliance checklist on specific steps to take.