{"id":4335,"date":"2016-10-03T13:54:20","date_gmt":"2016-10-03T12:54:20","guid":{"rendered":"http:\/\/www.chaordicsolutions.co.uk\/blog\/?p=4335"},"modified":"2017-01-23T09:24:11","modified_gmt":"2017-01-23T09:24:11","slug":"12-reasons-gdpr-will-impact-the-whole-of-your-business-and-not-just-it","status":"publish","type":"post","link":"https:\/\/www.chaordicsolutions.co.uk\/blog\/gdpr\/12-reasons-gdpr-will-impact-the-whole-of-your-business-and-not-just-it\/","title":{"rendered":"12 reasons GDPR will impact the whole of your business and not just IT"},"content":{"rendered":"<p>The clock is already ticking towards May 2018 when the EU General Data Protection Regulation (GDPR) comes into force.<\/p>\n<p>Whilst there is increasing awareness of what is needed within the management board, is there a possibility that the responsibility for implementation will simply be delegated to IT again as another piece of technical compliance work to deal with?<\/p>\n<p>If this happens, a major opportunity to create significant business value through more unified and robust data management will be lost, and there is a very real risk that fundamental compliance requirements will not be met.<\/p>\n<p><em>Here are 12 initial reasons why businesses should make GDPR an enterprise-wide responsibility, strongly led from the top&#8230; the management board.<\/em><\/p>\n<p><strong>1.\u00a0 Management Board\u00a0Accountability<\/strong><\/p>\n<p>Management 
boards accountable for breaches of regulations within business, with penalties of up to 4% of last year\u2019s turnover with\u00a0reputational risk implications.<\/p>\n<p><strong>2.\u00a0 Business Opportunity<\/strong><\/p>\n<p>Major opportunity to digitally transform business, enabling it to compete more effectively in the new digital economy.<\/p>\n<p><strong>3.\u00a0 Enterprise Wide Collaboration<\/strong><\/p>\n<p>Sheer scope of changes needed across whole business requires robust\u00a0programme management approach and strong boardroom leadership.<\/p>\n<p><strong>4.\u00a0 Process Integration<\/strong><\/p>\n<p>Data protection methods have to\u00a0be integrated into all business processes, which need to be redesigned to reflect this and associated opportunities.<\/p>\n<p><strong>5.\u00a0 Privacy Data Management<\/strong><\/p>\n<p>Must formally record why, who, what, when and where personal data is being processed by business and associated legal basis for doing so.<\/p>\n<p><strong>6.\u00a0 Third Party\u00a0Processor Risk<\/strong><\/p>\n<p>Responsibility for data now extends to all off site processing\u00a0meaning when data\u00a0leaves or is shared externally\u00a0this responsibility remains with the business.<\/p>\n<p><strong>7.\u00a0 Data Ownership<\/strong><\/p>\n<p>Regulations relate to data which is ultimately and only owned by the business, so strong data governance is essential.<\/p>\n<p><strong>8.\u00a0 Cloud Based Application Vulnerabilities\u00a0<\/strong><\/p>\n<p>Significant number of cloud based applications, sometimes used by business driven shadow IT, may not be compliant and will need to be updated.<\/p>\n<p><strong>9.\u00a0 Cyber Data Breach Obligations<\/strong><\/p>\n<p>Stricter requirements for protecting business from threat of cyber-attack and need to notify authorities of such breaches within\u00a072 hours.<\/p>\n<p><strong>10. 
Compliance Accountability<\/strong><\/p>\n<p>Must be able to demonstrate compliance within the business, with some aspects explicit but others implied.<\/p>\n<p><strong>11. Risk-Based Approach<\/strong><\/p>\n<p>Businesses have responsibility for assessing degree of risk their processing activities pose to individuals.<\/p>\n<p><strong>12. Independent Data Protection Role<\/strong><\/p>\n<p>Someone within business has to take responsibility for data protection compliance and if necessary, implement formal Data Protection Officer role which reports directly into highest management level such as management boardroom.<\/p>\n<p><em>These are just an initial 12\u00a0reasons why businesses should make GDPR an enterprise-wide responsibility&#8230;\u00a0but what do you think about this, do you agree?<\/em><\/p>\n<p>To discuss\u00a0these\u00a0challenges further and their relevance to your own business, please contact Robert direct at robert.toogood@data-tight.com to schedule a completely confidential and no-obligation discussion.<\/p>\n<p>PS For those organisations\u00a0operating out of the UK, the recent Brexit referendum result will unfortunately not affect the need for UK based\u00a0organisations to comply with GDPR by May 2018&#8230; also,\u00a0the latest indications are that\u00a0the UK ICO is likely to implement improved data protection and privacy regulations\u00a0similar in scope to GDPR\u00a0if the UK proceeds with leaving\u00a0the EU.<\/p>\n<p><em>DATA-Tight is a new consultancy service, specifically aimed at helping organisations cope with the increasing amount of complex legislation relating to data protection and privacy.\u00a0 By leveraging our extensive real-world programme management experience and expertise, our clients benefit from a bespoke advisory service which will help them to comply with the legislation in a more tightly co-ordinated and cost efficient way.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The clock is already ticking 
towards May 2018 when the EU General Data Protection Regulation (GDPR) comes into force.<\/p>\n","protected":false},"author":1,"featured_media":3798,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[354],"tags":[343,342,320,161,360,286,288,291,292,290,289,293,294,295,296,297,200,201,202,203,204,205,206,207,299,361,356,355,347,348,333,345,346,83,208,209,86,84,85,285,114,115,340,339,338,269,270,29,210,211,27,28,30,116,117,312,337,323,314,92,298,322,326,328,325,327,319,321,318,324,139,142,138,141,180,316,334,137,140,275,276,277,282,280,281,251,278,279,36,170,183,39,37,38,101,102,335,310,332,249,250,315,283,284,301,329],"_links":{"self":[{"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/posts\/4335"}],"collection":[{"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=4335"}],"version-history":[{"count":11,"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/posts\/4335\/revisions"}],"predecessor-version":[{"id":4370,"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/posts\/4335\/revisions\/4370"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/media\/3798"}],"wp:attachment":[{"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=4335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=4335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.chaordicsolutions.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=4335"}],"curies"
:[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}