With less than a year to go, all sails are set for EU GDPR. Omada was given a seat at the table when experts and company representatives met to discuss key elements of the regulation and recommendations for top priorities in order to ensure compliance.
Danish media group Berlingske today invited key players including the Danish ITC Industry Association, the Danish Data Protection Agency and Omada to speak to invited guests about the upcoming EU General Data Protection Regulation (EU GDPR). On 25 May 2018, the new regulations take effect, but how do companies get ready in time?
According to Christina Angela Gulisano, head of the Danish Data Protection Agency, there is now significant awareness around privacy data. Although getting ready for when the new regulations take effect is an extensive task for many, she hears many say there is a positive business case in it.
Her primary recommendation was to get started, sooner rather than later, and as a first step to get an overview of what data there is and what data the organization needs (and she stressed needs) to keep. She also advised getting to grips with key priorities such as having a plan for what to do if a breach occurs and considering whether your organization should have a Data Protection Officer. Although the latter is not essential for all companies, she has met many companies across Europe which see it as a positive, providing significant value and potential savings.
Company reputation at stake
Handling privacy data for the sake of the business is precisely the case at pension fund AP Pension. The firm told attendees that getting control of data privacy relates to customer loyalty and trust and is a catalyst for optimization.
As a pension fund, AP Pension handles significant amounts of privacy data every single day. Clients need to be able to trust that the firm abides by the law, meaning the company's reputation is also at stake. The firm has been working since late 2015 to become compliant. Top management is closely involved in the process, meeting continually to make decisions and evaluate scope and needs, for both the business and the customers.
Start the process
KPMG also sees EU GDPR as a potential game changer in terms of the competitive business market. According to KPMG, many companies are well on their way, but too many are not. A new survey from the firm indicates that 61% of companies have not started EU GDPR implementation yet. This is relevant because EU GDPR encompasses many elements and the consequences of not being in compliance are significant. Their advice was to get involved, get prepared and start having things such as an incident response plan ready, should a breach occur.
Omada Executive Vice President Christian Stendevad concurred, noting that it is essential to get processes up and running to start getting in compliance. But EU GDPR is not a one-off exercise; it needs to be a continual way of working, to ensure continual compliance. He gave the example of a company with a drive that only the CEO, his top management and his PA should have access to. In reality, it turned out that only this group had write access to the drive, but a much, much larger group had read rights. Get the overview of what data there is, get in control of the data and be able to document this control, and remain in control of it. No, not everyone has control of their data right now, but it is possible to get in control, he concluded.