There are big changes coming for organizations that conduct business in, or store and collect data tied to citizens of the European Union (EU). From data protection and breach reporting to governance documentation, the General Data Protection Regulation (GDPR) calls for businesses in any location that hold data on Europeans to be more efficient and accountable with their IT operations – or face significant penalties.
With May 25th, 2018 as the proposed GDPR enforcement date, you have just a few months to comply with the new (and slightly confusing) GDPR laws. Though that may seem far away, the date will come quickly, as will the scrutiny of your data practices.
But the path to compliance doesn’t need to be difficult. At Interlink, through our cloud and on-premises solutions, we’ve identified a path forward.
GDPR grants European citizens living in the EU enhanced data and privacy rights.
Under GDPR, businesses must obtain consent for storing an EU citizen's personal data in most cases. Businesses must also clearly explain what data is being stored, for how long, and what processes are in place to protect personal information. Citizens also have the legal right to:
GDPR defines personal data very broadly and includes names, email addresses, and online identifiers, as well as genetic, biometric, and demographic data. Though there are some exemptions to data processing in GDPR, businesses that hold EU citizen data, whether they are operating inside or outside of the EU, will need to make the necessary compliance changes by May of 2018.
Businesses that violate GDPR are subject to various penalties, including an upper-level fine that is equal to 4% of revenue.
Your business may be penalized for:
The first step in building a path to compliance is discovering what personal data your organization stores and where it resides.
Next, you’ll want to assess how your data is being managed. Management falls into two categories: data governance (policies, roles, and responsibilities) and data classification (organization and labeling).
After classifying the data into appropriate groups, you’ll then need to apply protection policies to that data when appropriate.
The final step, reporting, involves making sure that you not only keep up-to-date and accurate records of data collection and processing, but also have the reporting tools necessary to supply citizens and legislators any requested information. GDPR places a large emphasis on transparency and accuracy in data reporting, making it a critical process component that can make or break your overall level of compliance.
Microsoft will have its cloud platforms compliant by the GDPR enforcement date, supplying you with the tools and processes you need for guaranteed business continuity. For nearly all organizations, the Enterprise Mobility + Security Suite (EMS) covers many of the process and data administrative components required for GDPR compliance. EMS comes in two different options: EMS E3 and EMS E5.
With EMS E3, you get powerful data governance and protection features, including:
For enterprise customers, EMS E5 provides extra layers of data protection by including all the features of E3 and then some. These additions include:
The Microsoft Enterprise Mobility + Security Suite helps keep your organization GDPR compliant by protecting data from unauthorized use. The flexibility of the EMS solution lets you continue to write data policies and create responsive governance plans without the worry of how your IT processes will respond.
As your journey towards GDPR compliance continues, Interlink can help you identify which solutions and configurations will work best for your organization. Through a combination of cloud and on-premises deployments, we’ll work with your organization to help you on your security and compliance journeys.
Contact us today to secure your data and become GDPR compliant.