The GDPR, in its final version just approved by the EU Commission, Parliament and Council, introduces important changes in the responsibilities and procedures for the protection and management of personal data within the EU.
Just think of the introduction of data breach provisions, privacy by default, the obligation to define, document and monitor the framework adopted to protect personal data, the right to be forgotten and the period granted to companies to comply with the Regulation (2 years) to realize that the path to compliance will be neither easy nor painless.
It is important, therefore, that the organizational, procedural, methodological and technological changes to be put in place to achieve GDPR compliance are not seen as a mere legal obligation, but rather as a real growth opportunity for your organization.
Try to imagine the potential benefits in terms of process efficiency and resource savings if we took this opportunity to:
- optimize the control systems in place through rationalization and/or integration of the processes, methods and tools used for:
  - risk management;
  - privacy/business impact analysis;
  - management of the various compliance requirements;
  - auditing;
  - ICT security.
- allocate resources in a targeted way, based on the company's risk appetite and security posture;
- extend the security solutions to be introduced or reviewed for GDPR compliance to those business contexts that could also benefit from them:
  - implement or extend an Information Security Management System;
  - provide innovative services and processes that rely on secure processing of personal and business data;
  - …
Since GDPR compliance demands a holistic approach, it can also be an excellent opportunity to create or improve a corporate culture of information security, which is a prerequisite for proactive and effective synergy between the various business functions that will be required to contribute, in various ways, to the security of the personal and business data processed by the company.