A Compliance Expert Answers Your Top GDPR Questions
The Ageris GROUP is a France-based company founded in 2003 offering specialized information protection, business continuity and personal data protection consulting services to government organizations, as well as to clients in the healthcare, finance, and industrial sectors. Ageris’ awareness-raising approach enables companies to continually improve their information acquisition, storage, and distribution processes according to international security standards. Their team of expert consultants helps organizations from the risk assessment and audit stages right through to the development and implementation of action plans, including software provisions, that adhere to strict security compliance standards.
Recently, Denis Virole, Director of Services and Partner of Ageris Group, was invited to speak at a seminar hosted by XMedius in Paris titled “GDPR: Organizational Impacts for Enterprises” regarding the upcoming GDPR and how it is set to affect businesses around the world. Before Mr. Virole captivated attendees with his talk on how organizations can prepare for GDPR before the regulation takes effect on May 25, 2018, we managed to ask him a few questions about how companies around the world can start getting prepared in advance. Read on for a few of his insights.
Question 1: In your opinion, which sectors will GDPR impact most?
Denis Virole: The sectors that will be most affected will definitely be government administration offices, banks, insurance providers, and municipalities. The fact of the matter is that GDPR will affect all companies that process and store personal data, so it’s in everyone’s best interests to get familiar with the regulations.
Question 2: How will the regulations affect daily operations?
Denis Virole: I’d say that internal operations will see the biggest impact. There will be much more communication between Information Systems Security Managers, Data Protection Officers, and various departments within organizations. There will also be quite a bit of restructuring around processes for handling data.
Companies will also have to develop transparency policies for their clients or users. Customers must be informed of their rights and how companies are respecting those rights in regard to obtaining and using their personal information. At this stage, even the most mature companies aren’t yet at an adequate level of compliance for the new regulation.
Question 3: How can organizations educate employees about GDPR?
Denis Virole: When it comes to GDPR, it’s important to understand that there is no “one-size-fits-all” solution for every organization. Employee education has to be tailored to an individual company’s culture and its constraints, such as its industry, size, IT environment, etc.
Any training is doomed to fail if an organization’s upper management structure isn’t properly informed of the specific changes that must take place once the GDPR passes. Next, specific training is needed for managers, various channels within the business, any staff who handles personal data regularly, as well as any IT subcontractors.
Awareness of best practices should also be provided to users. All customer awareness should be at the same level, and developing policies to raise awareness requires that management get involved. Getting the commitment of high-level representatives isn’t always easy, and this is likely to represent a daunting challenge in more so-called “conventional” sectors, such as government.
Question 4: What are some of the major consequences of non-compliance?
Denis Virole: A flagrant consequence for non-compliance would be a loss of confidence in a company, both internally from employees, and externally from customers, business partners, investors, and the general public. Respecting the rights of individuals is major, and any infractions could severely damage a company’s reputation.
In the event of non-compliance with GDPR regulations, EU authorities have the right to force companies to halt all commercial activities. This obviously leads to economic loss, but can also be majorly detrimental for brand awareness.
There is also a list of financial penalties associated with non-compliance, as well as civil reparations for damages caused to victims.
Question 5: What are the long term positive benefits that you expect to see from GDPR after May 25, 2018?
Denis Virole: I envision that the GDPR will improve synergy between various departments within an organization. The deadline allows companies to become compliant, but also to map out their current IT processes and procedures. Various departments will therefore have to break down any communication barriers that stand between them in order to better work together. Therefore, we can expect a deeper understanding of internal processes from all players, and ideally, we can expect better information management on all levels.
Question 6: How can companies use technology to optimize their data governance?
Denis Virole: This is a tricky question since technology doesn’t protect companies. It’s a very useful tool, but just a tool nonetheless. In order to ensure data security, a risk analysis must be carried out with the cooperation of various business units in an organization and its Information Systems Security Managers. Afterwards, a concrete action plan needs to be put in place. This way, technology becomes a solution that facilitates best practices.
Pseudonymization, for example, a process where the most identifying fields within a data record are replaced by one or more artificial identifiers (or pseudonyms) and are only made visible when necessary, is very useful in a GDPR context. Using encryption technology can also make individuals’ personal data extremely difficult to decode, and is therefore a great solution when handling sensitive data. XMedius solutions respond very well to this need, and are non-restrictive in the sense that deploying one doesn’t require any restructuring of a company’s current business environment. They are easy-to-use and a solid way to optimize internal processes in order to become GDPR compliant.
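To make the pseudonymization Mr. Virole describes concrete, here is an added example (it is not code from Ageris, XMedius, or the interview). It replaces the identifying fields of a record with a keyed pseudonym and keeps the mapping back to the real identity in a separate lookup table, so the pseudonymized data set can still be processed and joined per person while only a holder of the key and the table can re-identify anyone. The field names, sample records and the choice of HMAC-SHA256 are assumptions made for the illustration.

```python
"""Pseudonymization of personal-data records (added example, not the page's code).

Identifying fields (name, e-mail) are replaced with a keyed pseudonym; the
pseudonym -> identity mapping is returned separately so it can be stored apart
from the data set. Without the key and that mapping, a holder of the
pseudonymized records cannot re-identify the subjects; with them, an
authorized process can.
"""
import hashlib
import hmac
import secrets

# Assumed schema: these fields are treated as directly identifying.
IDENTIFYING_FIELDS = ("name", "email")

# Constructed sample records for the example (not real people).
SAMPLE_RECORDS = [
    {"name": "Alice Martin", "email": "alice@example.org", "city": "Paris", "balance": 120},
    {"name": "Bob Durand", "email": "bob@example.org", "city": "Lyon", "balance": 85},
    {"name": "Alice Martin", "email": "alice@example.org", "city": "Paris", "balance": 40},
]


def make_pseudonym(key: bytes, identity: str) -> str:
    """Deterministic keyed pseudonym: HMAC-SHA256 over the normalized identity.

    Keyed, so the same person always maps to the same pseudonym under one key
    (records stay joinable), while someone without the key cannot enumerate
    candidate names or e-mails and hash them to match the table, which is the
    weakness of a plain unkeyed hash. Truncated to 96 bits for readability.
    """
    normalized = identity.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:24]


def pseudonymize(records, key: bytes):
    """Return (pseudonymized records, lookup table).

    The lookup table (pseudonym -> identifying values) is the re-identification
    secret and must be stored separately from the pseudonymized data set.
    """
    lookup = {}
    out = []
    for rec in records:
        identity = "|".join(rec[f] for f in IDENTIFYING_FIELDS)
        pid = make_pseudonym(key, identity)
        lookup[pid] = {f: rec[f] for f in IDENTIFYING_FIELDS}
        cleaned = {k: v for k, v in rec.items() if k not in IDENTIFYING_FIELDS}
        cleaned["subject_id"] = pid
        out.append(cleaned)
    return out, lookup


def reidentify(record, lookup):
    """Restore the identifying fields; only a holder of the lookup table can do this."""
    restored = dict(record)
    pid = restored.pop("subject_id")
    restored.update(lookup[pid])
    return restored


def total_by_subject(records):
    """Processing that needs no identity at all: aggregate balances per pseudonym."""
    totals = {}
    for rec in records:
        totals[rec["subject_id"]] = totals.get(rec["subject_id"], 0) + rec["balance"]
    return totals


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # stored with the lookup table, not with the data
    pseudo, vault = pseudonymize(SAMPLE_RECORDS, key)
    print(pseudo[0])                       # city and balance only, plus subject_id
    print(total_by_subject(pseudo))        # both Alice records aggregate under one id
    print(reidentify(pseudo[0], vault))    # original identity restored by the key holder
```

Two points a practitioner should take from this: the key is what makes the pseudonym resistant to guessing, since names and e-mail addresses are a small enough space that an unkeyed hash could simply be enumerated; and the lookup table plus key are the "additional information" that must live in a separate, more tightly controlled store, because whoever holds them holds the identities.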
Want more information on solutions that will boost your workflow and help you become more compliant with regulations like GDPR? Speak with an expert today to find out which solution would work best for you!