Wednesday, December 11, 2019
Corporate Compliance Insights
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

5 Challenges Companies Must Address Now to Prepare for GDPR

by Florian Douetteau
June 27, 2017
in Data Privacy, Featured
may 25 on notepad next to cup of coffee

Strategies to Ensure Compliance as Deadline Approaches

Whether your company is already operating in the European Union or has expansion plans there in the future, the upcoming GDPR rules will have a profound impact on how all organizations handle, manage and use consumer data.  Even if your website simply collects data on EU citizens, you must comply or face fines of up to €20 million or 4 percent of global annual turnover. Companies will face five common challenges on the path to compliance.

Though the GDPR implementation date is less than one year away, companies large and small are still struggling to comprehend what must be done to prepare. The General Data Protection Regulation (GDPR) seeks to improve privacy protection for consumers by changing the way businesses collect, use and transfer personal data. Companies purposely were given plenty of warning about the changing policies, but the vague language and complex structural changes mean a complete overhaul to anything remotely related to data in all companies – even for companies outside of the European Union and United Kingdom that do business with the U.K. and EU member states.

There are five main challenges companies need to address immediately in regard to data.

  1. Data Storage and Access
  2. Team Compliance and Training
  3. Data Subject Requests
  4. Data Notifications
  5. Adaptability and Scalability

GDPR does not only affect IT departments; instead, this new regulation reaches far and wide, from human resources to finance and anyone in between who touches data. Companies that address these five challenges will be more ready to face the GDPR’s implementation deadline of May 25, 2018.

Data Storage and Access

Companies that store data in one place may have an easier time with this first step. Businesses need first to assess where data is stored and who has access to what data. Companies need to audit all data sources to look at what data is collected, how it’s used, who can use it and for how long. Thankfully, there are tools to help organisations centralise data from multiple sources and monitor its use. Companies that do not use a platform should consider investing in one in order to ensure they know where all data lives and who sees what.

Team Compliance and Training

All teams need to understand the changes and regulations of GDPR and how it applies to their daily work. This means much more collaboration between teams that must be done quickly. GDPR is making data usage more transparent for consumers, which means customer service representatives will need to know what information they can divulge, what they cannot and what constitutes noncompliance. Ideally, the customer service representative will not have to ask the IT or data team each time they receive a request; instead, companies should train individuals to be able to quickly and correctly answer questions. The customer service team will need to have close communication with legal, finance and HR teams as well, to update them on any developments or problems. Companies that begin to define this process now will have a smooth transition upon GDPR implementation.

Data Subject Requests

“Data subject rights” is one of the biggest changes and challenges of GDPR. Under the new regulation, data subjects have the right to obtain:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data is not collected from the data subject, any available information as to its source;
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Businesses have no idea how many requests they will receive, but they need to prepare for a significant amount by having a robust process in place. Companies can use data science platforms to implement a sound process and practise the process up to implementation. Since violations of GDPR result in steep penalties, organisations that set up a process now have time to find faults in their internal system and alert necessary team members.

Furthermore, a data science platform can automate this process for companies while maintaining transparency about who does what within the organisation. Those investing in a platform ought to begin now in order to train appropriate team members and update the company on best practices.

Data Notifications

When a data subject requests information, GDPR stipulates that the information is given in “a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.” Companies can no longer use vague language about consumer data meant to confuse or mislead an individual. This means all privacy notices most likely have to be rewritten in order to comply to GDPR.

Businesses should take stock of all privacy notifications, assess if the information could be read by a child and rewrite accordingly. Furthermore, companies most likely will now have to create new privacy policies, as GDPR grants more access to data. Once businesses solidify data subject request processes, they should write corresponding notices that are easy to understand.

Adaptability and Scalability

Again, some of the language used in the GDPR is vague, which means companies need to put in place processes that can adapt to change. Furthermore, the solution needs to be scalable as well, in order to process more data subject requests. Companies should use technological platforms that allow transparency within the team, along with compliance with GDPR. Since these regulations are new, there will be a learning curve, but businesses with organised solutions in place will be better off than those trying to adapt later on.

Addressing these five challenges is just the beginning to becoming GDPR compliant. There are many smaller structural changes organisations will need to make as well. However, by using a technological solution that can streamline the process, companies will be in a better position to make smaller changes. Especially for companies that do not hire a Data Protection Officer (DPO), having a data science platform will be crucial for teamwide collaboration. Those companies with a DPO can benefit from a data science platform as well, which will allow the entire company transparent knowledge about all things data.

To learn more about Big Data and GDPR download the free whitepaper “Five Essential Pillars of Big Data GDPR Compliance“


Tags: GDPR
Previous Post

Deconstructing MiFID II

Next Post

EY Releases New Lease Accounting Survey

Florian Douetteau

Florian Douetteau serves as CEO of Dataiku, the software developer behind Data Science Studio (DSS) which is disrupting the predictive analytics market with an all-in-one predictive analytics development platform that gives data professionals the power to build and run highly-specific services that transform raw data into business impacting predictions.

He started his career at Exalead, an innovative search engine technology company. There, he led a R&D team of 50 brilliant data geeks until it was bought by Dassault Systèmes in 2010. He served as chief technology officer at IsCool, a European leader in social gaming, where he managed game analytics and one of the biggest European cloud set-ups. He also served as freelance lead data scientist in various companies, such as Criteo, the European advertising leader.

He is listed as one of the 2017 top 100 most influential people in data according to DataIQ: http://www.dataiq.co.uk/dataiq100

Related Posts

futuristic technology projecting 2020 in white text

The Future of Data Privacy Regulation

December 11, 2019
new york city skyline at sunset

The Early Days: The Birth of the Independent Monitoring Concept

December 11, 2019
finger over green report button on white keyboard

DOJ Updates FCPA Corporate Enforcement Policy Again

December 10, 2019
stack of newspapers on laptop

The Social Construction of a Scandal

December 9, 2019
Next Post
EY Releases New Lease Accounting Survey

EY Releases New Lease Accounting Survey

Free Downloads

OFAC whitepaper cover
Compliance Job Interview Q&A
Reputation Risk Management Research

RSS SEC Litigation News

  • Nanotech Engineering, Inc., Michael James Sweaney (also known as Michael Hatton), David Sweaney, and Jeffery Gange December 11, 2019
    SEC Obtains Asset Freeze to Halt Alleged Offering Fraud
  • Harpreet Grewal December 10, 2019
    SEC Obtains Final Judgment Against Former Online Marketing Company Executive
  • Christopher Collins, et al. December 10, 2019
    Former Congressman and Two Others Settle Insider Trading Charges

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks Big Data blockchain board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management corporate culture corporate governance culture of ethics cyber risk data analytics data breach data governance decision-making Dodd-Frank DOJ due diligence fcpa enforcement actions GDPR GRC HIPAA information security internal audit internet of things (IoT) KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • Audit
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • HR Compliance
  • Leadership and Career
  • News
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights