June 25, 2018 10 Things

10 THINGS I Know About ... GDPR compliance

Michelle Drolet

10) Why you should adhere to the General Data Protection Regulation. GDPR only applies to protecting personal data of European Union citizens wherever they reside, but putting teeth in policies to help avoid identity theft benefits everyone.

9) Policy updates. The sudden surge of data protection policy updates arriving in your inbox is GDPR in action. A U.S. version of GDPR is forthcoming. Operationalize GDPR, don’t shelve it.

8) Policy readiness. Companies must inform users that they hold their data, that users have given them the right to use it, and that users have the right to have it deleted.

7) Protection. GDPR says individuals own their data and the company holding it must protect it. Encryption and tokenization are acceptable methods of protection.

6) Reporting. Companies holding customer data have 72 hours to report any data breach unless data was encrypted, tokenized or obfuscated.

5) Penalties. Non-compliance with GDPR can result in a $25-million fine or up to 4 percent of a company’s annual revenues.

4) Learning data. Collecting data without regard for its strategic value is less of a trend now with GDPR. Knowing where your data resides and how to extract value makes it more prescriptive.

3) Hiring talent. For large companies, GDPR compliance requires hiring a dedicated data protection officer. With IT skills in short supply, consider hiring a part-time virtual DPO.

2) Customer benefits. Customers get peace of mind knowing their data is managed responsibly and securely.

1) Company benefits. Companies benefit by being perceived as responsible caretakers and providing a roadmap of legitimate security best practices.

Michelle Drolet is CEO of Towerwall, a data security services provider in Framingham. You may reach her at michelled@towerwall.com.
