The European General Data Protection Regulation, GDPR, comes into force in a month’s time. The GDPR is a massive overhaul and extension of existing data protection and privacy laws in the EU, the first in over twenty years.

We talk about the GDPR, naturally, in the context of Europe and the European Union. However, the GDPR has a far wider impact, although the reaction from some organisations and individuals to date would have you believe otherwise. Any organisation that has dealings, directly or indirectly, with EU citizens needs to consider the following questions:

  • Can you search across all relevant applications in your IT landscape?
  • Can you structure, save, and refer to, these search queries?
  • Do you know what sort of data you hold on individuals?
  • Do you know what constitues “personally identifiable” information?
  • Who is your nominated data controller?
  • Are you in a position to process “forget me” requests, and information requests from data subjects?
  • What are your data disposal policies, and how are they managed?
  • Do you understand how that data is being used?
  • Have you got agreement from those individuals to hold their data?
  • What security measures do you have in place for data, personal and otherwise?
  • Data about a subject has to be portable: is it relatively straightforward for you to move such data from your current systems?

If you are concerned about any of these issues, or worry about vendor support for GDPR and related data protection legislation, contact us.