Recent reports note that 75% of non-IT leaders at US firms are ignoring the European Union’s General Data Protection Regulation (GDPR). They do so at their peril.
“But the US doesn’t have to abide by European laws,” I can hear you say.
The US is still firmly within GDPR’s regulatory remit. This is because any organization that processes personal data in order to offer goods and services to, or monitor the behavior of, data subjects within the EU is also affected. Such organizations have little time to prepare; the deadline is May 25, 2018. Failure to comply by that date will be expensive: fines can be up to 4% of your global revenue.
GDPR is a game-changing challenge for organizations, involving people, processes and technology. The challenge includes hiring a Data Protection Officer to oversee GDPR. This will take some doing: in Europe alone, the International Association of Privacy Professionals (IAPP) estimates that the number required will be at least 28,000.
Then you must involve the enterprise architecture team, IT system and business process owners, IT security SMEs, compliance experts, risk managers, auditors, IT & business planners and strategists, and CEOs. HR, marketing, tech support and QA also have to be involved from the ground up. They each have a role to play and need a technology platform to let them do it.
You have to throw everything you’ve got at meeting the GDPR deadline, from people to technology. To start your GDPR project, it makes sense to find out where in your company you process customer data and who uses it. This can be done using process modeling capabilities that include application systems, processes, data and risks.
A governance, risk and compliance (GRC) management solution can be used to establish an internal control system. If risks, controls and test cases are combined with business process management analysis (BPA) and embedded into process steps, GRC management can also help to improve performance and align all measures with the corporate strategy.
Find out if you are responsible under the new GDPR rules. And if so, Software AG can help with this - and more.
Learn more about GDPR in person at our North American Innovation Tour 2017.