If you are a company on this planet which does business in the European Union (EU), has more than 250 employees, and collects information from your users/customers then you need to know about and become compliant with the upcoming General Data Protection Regulation (GDPR) that will go into effect on 25 May 2018 across the EU.
According to Milad Aslaner, a Senior Product Manager for Cybersecurity at Microsoft, 28 million companies around the globe will be required to comply with the GDPR when it goes into effect. One other thing these companies need to know is that this is more than just adding a new piece of hardware or a few lines to any contract to become compliant. The work required is extensive but once in place, will make your company a better citizen in the world with improved methods for handling the data and protecting the privacy of your customers.
Note: GDPR is focused on customer data; however, you will also be required to put similar controls in place and show how you handle internal employee privacy data in addition to the customer-related processes.
The key areas the GDPR cover include:
-- Personal Privacy: This includes the right for your customers to delete the personal data your company collects from them.
-- Controls and Notifications: Show that you have the tools in place to prevent unauthorized access to customers' private data.
-- Transparent Policies: Policies about data protection must be accessible to everyone and lay out how customer data is processed. No more silent consent by sliding a checkbox into a page where it can be easily missed by the customer.
-- IT and Training: All employees must receive mandatory training about privacy and data protection. As an example, all Microsoft employees recently completed a one hour training session so the company would be in compliance with GDPR.
Microsoft made it clear back at Microsoft Inspire that they fully support GDPR because they believe it is the right thing to do for customers.
You will notice with the release of the Windows 10 Fall Creators Update that even more enhancements have been made to the operating system to continue to build compliance into the OS for end users and to comply with GDPR.
Aslaner also confirmed that all Microsoft products and services will be fully GDPR compliant by 25 May 2018, when the new laws go into effect.
He recommended that companies take the Readiness for GDPR Assessment at the Microsoft Trust Center to get an idea of how prepared they are and to identify the areas within their organization that need to be addressed to gain compliance.
Of course, the results of this self-assessment are only as good as your answers, so be brutally honest about where your company is at the moment so that you can get on the right track to compliance.
Lack of compliance could result in a fine of 4% of your company's global income according to the GDPR, so getting things sorted out is not only right for your customers but also for your company's financial health.
Additional resources for GDPR are available from Microsoft at the Microsoft Trust Center GDPR page.