GDPR: four letters that’ll change everything for your business

Published on 09/03/2018 in Innovate

25 May 2018: A crucial date for any business that collects and handles personal data, as on this day, the General Data Protection Regulation will become law. One thing is certain: it will leave its mark on the future of your organisation. But how?

The GDPR: it’s everybody’s business

To start with, you’ll have to appoint someone to be responsible for data protection. His or her role will be to ensure that data is handled and managed in accordance with the GDPR. All your co-workers will also need to be involved: they must be made aware of their responsibilities as they relate to the protection of your customers’ private data. It is vitally important to start raising awareness of this now through good internal communication.

Businesses who clearly understand the necessity of respecting their obligations when it comes to GDPR will gain a competitive advantage over other players in the market.

Sheila M. FitzPatrick, Chief Privacy Officer, NetApp

What are your obligations?

The definition of what constitutes private data is now broad. It includes, for example, genetic, social, cultural, intellectual, and economic data: in short, any customer data that your company captures. You are directly responsible for the protection of this data. You are also required to conduct a data protection impact analysis in the context of any high-risk project.

Are you sending information to a partner or supplier? If so, it is your responsibility to ensure that this third party manages the data in compliance with the GDPR for the duration of your relationship with them.

In addition, each time a customer asks, your organisation will be required to state, in full transparency, what data it holds about them.

You need a partner that is capable of helping you rise to the challenge of storing data in the cloud while ensuring confidentiality of the said data.

Sheila M. FitzPatrick, Chief Privacy Officer, NetApp

A breach? React quickly!

Firstly, you have to understand that it is your role to detect data breaches or technical incidents. What should you do if such an event occurs?

  • Declare it to the competent authorities and persons of interest within 72 hours.
  • Close the breach.
  • Start an investigation and collect legal evidence.
  • Prove that you took all the necessary measures to ensure the protection of your data. On that topic, don’t settle for the bare minimum: opt for a strong solution, like data encryption.

Not abiding by the GDPR can cost you dearly

The new regulation is not to be taken lightly. You will not be able to tamper with citizen data and get away with it. Lawmakers have made it very clear: if the GDPR is not followed, your company risks a fine as high as the equivalent of 4% of your business income, up to a maximum of 20 million euros.

The GDPR holds no secrets for you anymore!

If you remember only three points about the GDPR, they should be these:

  1. Your enterprise must appoint a person responsible for data protection.
  2. You must communicate with your customers in all transparency about data that concerns them.
  3. You must report data breaches within 72 hours and immediately start an investigation.
