Microsoft Dynamics vendors provide comparisons and opinions to professionals in the ERP/Accounting software selection process

 
 

Fastpath Team

Plan now for General Data Protection Regulations 2018 Deadline


Email | Print

Scares about potential disasters like Y2K, the end of mainframes and the death of green screens have left us all a bit skeptical when it comes to which threats to take seriously and how urgent proactive preparations really are. Could dire warnings be just a way for software companies and consultants to scare us into buying their products? While that has happened in the past – and will no doubt happen in the future, there are some warnings that are worth heeding and changes worth preparing for. A case in point is the new General Data Protection Regulation (GDPR) that WILL take effect at the end of May 2018. Now is the time to get your plans in order and avoid the penalties for non-compliance.

Who must comply?

It’s true that GDPR is a European Union regulation, but its reach goes beyond Europe itself. It is not necessary for your company to be based in Europe in order for the regulation to apply to you. If your company, regardless of where it is located, conducts business or has customers in the EU, you will still be affected by GDPR. Don’t wait until the deadline for compliance before confirming whether or not your company deals with customers operating in Europe. If your company stores data relating to these customers, GDPR applies to you.

Won’t my current audits cover this?

Even if your company is regularly and professionally audited or reviewed, your internal controls may not be adequate for meeting GDPR standards. GDPR has its own guidelines and specific requirements for data privacy and that might mean assessing your business’ vulnerability in each of five areas and putting in place programs to ensure that necessary changes are adopted. As this degree of regulation will be ongoing, it’s not enough to just figure out the data once, controls must be in place for ongoing monitoring.

The implications of non-compliance.

If your business is found to be non-compliant, the penalties can be steep.  The EU has the authority to impose fines of up to 4 percent of an organization’s annual revenue or 20 million Euros, whichever is larger. Unlike challenges of the past (like Y2K) which threatened to shut down or slow down your daily operations, the threat to your bottom line is not speculative or nebulous. The penalties, in this case, are concrete and known.

What does compliance mean for your company?

GDPR is a series of regulations designed to protect individuals’ personal data. It focuses on specific information and how that information is controlled and secured within your organization. Many companies already have systems in place to safeguard their customer information, regardless of regulatory requirements, but the GDPR deadline can be used to make sure that your other areas of privacy regulation as well as your financial internal controls are also secure. If you have such systems in place, this is the time to confirm that they are operating properly while you plan for GDPR compliance.

There is still time to implement these controls before GDPR becomes mandatory. Act now to ensure compliance and to avoid penalties.

For more information about GDPR compliance and how to achieve it before the deadline, contact our experts a Fastpath 877-893-6295.

Comments are closed.