How will General Data Protection Regulation (GDPR) impact your organization? How can Spinnaker Support help you achieve your GDPR compliance objectives?
February 20, 2018 | Iain Saunderson | Chief Technology Officer
Based on a survey conducted by Crowd Research Partners, an overwhelming majority of EU companies are aware of the regulations, but only 33% stated they are compliant or on their way to being compliant by the May 2018 deadline. 27% are not confident they will meet the deadline. In a separate LinkedIn survey, 50% of survey respondents lack the budget for GDPR compliance and 48% lack the expertise to implement a new GDPR compliance strategy.
Thus, increasingly more organizations are engaging in GDPR discussions with Spinnaker Support because they recognize the importance and imminence of GDPR compliance. Whether they require either extra budget or more expertise, organizations find that Spinnaker Support can help. Those who lack budget can redirect savings gained from lower Oracle and SAP support costs towards GDPR funding initiatives. Those who need expertise can gain guidance and advisory from Spinnaker Support, based on our own quest to achieve GDPR compliance processes, and from the significant knowledge we’ve amassed from discussions with many organizations.
Organizations have been transformed in the last few decades by technology advances, such as big data, business intelligence, artificial intelligence, and Internet of Things. The European Union (EU) is implementing mandates to deal with the monstrous amount of data that organizations are processing and capturing on a daily basis. Organizations worldwide are now facing the challenge of finding the budget and expertise needed to comply with the new EU GDPR policies.
When organizations collect private information on EU citizens or residents, the GDPR will dictate what rules they are now obligated to follow. The EU will start enforcing GDPR on May 25, 2018, which means time is limited to ensure compliance measures are implemented. To add to that, non-compliance with the GDPR can lead to administrative fines by Supervisory Authorities, that can reach up to €20,000,000 or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
GDPR is about the privacy of information; rights of privacy. The EU has worked on this privacy regulation since 2012, to replace the 20-year-old Data Protection Directive 95/46/EC. The GDPR is designed to protect and empower EU citizens and residents with the right of protecting not only their identities but their everyday actions. The GDPR regulations not only apply to organizations located within the EU, but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects.
GDPR will also monitor the legal basis as to why and how they are collecting the information. Organizations will need to review how they are going to ‘redefine consent’ regarding data usage. When it comes to consent, organizations will need to define how they explain to their customers what data they plan to use, as well as how and why they plan to use it. There is much talk of the need for each organization to designate a Data Protection Officer, who is responsible for the data collection compliance and reporting, which is just one more added expense that will hit the organizations bottom-line.
The GDPR places onerous accountability obligations on controllers and processors to demonstrate compliance. Some of the requirements already exist in French or German data protection law today, and some formalize what is regarded as best practice (but not legally required) under the laws of other EU Member States. The net effect is that organizations will likely need to develop and implement a formal data protection program by May 25, 2018.
GDPR is real. The cost of non-compliance is high. The savings generated from Spinnaker Support’s third-party Oracle and SAP support can help fund your GDPR initiatives. Plus, for the 48% of organizations seeking expertise, we can share our experience as well.