21 / 05 / 2019
How has GDPR actually affected businesses?
TECHREPUBLIC, BY ALISON DENISCO RAYOME
The EU’s General Data Protection Regulation (GDPR) went into effect a year ago this month, impacting businesses across the globe that touch information from the region. With its onset, no legitimate businesses can ignore the regulatory requirements for obtaining, storing, or using personal information, said Raef Meeuwisse, author of Cybersecurity for Beginners and external relations director for ISACA’s London chapter.
“A few years back it was not unusual for a supplier audit to find some mid-sized companies completely missing any privacy policies, standards and job function—that is no longer the case,” Meeuwisse said. “The uptick in privacy regulations and potential fines seems to have worked as a wake-up call for organizations to treat their duties of care for personal information more seriously.”
As such, GDPR has had a “tremendous impact” on how businesses handle data, said Michael Podemski, senior manager in the advisory services practice at EY and a board member of the ISACA Chicago chapter. Most organizations are now required to have a legitimate interest to collect and use data—no longer can they just collect it because they can, Podemski said. Organizations also must delete data after its intended use, and can no longer retain that information indefinitely.
However, achieving full and efficient privacy-by-design is still a long way off for the majority of organizations, Meeuwisse said. “It is likely to be many more years before organizations have systems and processes where managing personal information in compliance with regulation is something their systems and processes were originally designed to do,” he added.
More privacy work to be done
GDPR “has moved data protection and privacy from a back office, often ignored, compliance matter to an important issue that is on the agenda of almost all companies, large and small,” said Aoife Sexton, chief privacy officer for Trūata.
Aoife Sexton, Chief Privacy Officer
Aoife joined the Trūata team from the law firm Tech Law Services, where she was a Principal for six years advising technology clients within the areas of Commercial, Data Protection, IP and Technology Law. Aoife is a graduate of University College Dublin (BCL) and the College of Europe, Bruges, Belgium. She is a Certified Data Protection Practitioner (PC.dp) as well as International Association of Privacy Professionals CIPP/E certified. She is an approved IAPP trainer for the CIPP/E course and conducts regular training courses in Ireland.