When GDPR came into effect in May 2018, organizations suddenly realized that complying with local regulations alone would not be enough—they would have to stay on top of global ones, too.
What exactly did we learn from those late nights spent preparing IT for GDPR? And how can IT be better prepared for the next big step in data regulation? Read on to learn how your business can continue adapting to the demands of a global regulatory environment.
Lessons learned from the mad dash to comply
For many organizations, it was all hands on deck during the 2018 rush to ensure proper IT compliance with GDPR. Initially, the motivation behind these efforts was a fear of negative repercussions, as the European Union was poised to levy considerable fines against companies that ran afoul of the new regulations. But businesses also found that compliance with GDPR could inspire customer trust and ultimately lead to business growth.
Here are a few lessons that stood out amid the mad dash to get right with GDPR:
- It’s time to start thinking holistically about compliance. While it’s logical to want to get your own house in order first, complete adherence to a set of regulations like GDPR also requires careful attention to the compliance of your third-party partners and suppliers. Do you send them personal data? If so, how do they handle and protect it? Under GDPR, a controller must use only processors that provide sufficient guarantees and must bind them contractually, so their practices become your responsibility, too.
- Compliance involves the entire business. GDPR compliance is not something a business can simply hand off to the IT team and forget about. It affects the entire business and requires cross-functional collaboration, board-level oversight and involvement, executive sponsorship, and engagement with key stakeholders.
- Compliance isn’t optional. In early 2019, the French regulator CNIL set the stakes by hitting Google with a GDPR fine of €50 million (about US$57 million), which is only a fraction of the maximum allowable penalty of €20 million or 4% of global annual turnover, whichever is higher, for industry giants. Compliance is non-negotiable and, although challenging, has its benefits. Your organization will likely enjoy increased customer trust and better security, both of which benefit the business in the long run.
- Becoming compliant isn’t a one-off event. More regulations are coming down the pike, so it’s in every organization’s best interest to build internal agility in preparation. The systems, processes, and policies you create now should ideally be adaptable for future compliance initiatives.
Future-proof your IT environment before the next GDPR
The excitement around GDPR may have died down for now, but the global regulatory environment is still evolving. California, for instance, recently passed the California Consumer Privacy Act of 2018 (CCPA), which is set to go into effect on January 1, 2020. According to Technology Review, the European Union’s soon-to-be-updated ePrivacy Regulation, which deals primarily with cookies and consent, may require companies that provide online services and apps to get permission from users before they can track their usage or harvest data from their conversations.
In short, more regulations are on the way, and they’ll be in place soon. Here’s how you can future-proof your IT environment in the meantime:
- Review your organization’s approach to data governance. According to CIO Magazine, many CIOs feel GDPR is a positive catalyst for addressing privacy concerns. As such, it’s wise to take this opportunity to revisit your organization’s data governance from a privacy standpoint.
- Ensure that you have a comprehensive approach to security. Frameworks like NIST’s address endpoint security at a high level, and GDPR’s Article 32 requires only “appropriate technical and organisational measures” without prescribing specific controls, so you will need to get far more granular when it comes to implementation. By bolstering the defense capabilities of connected devices like printers and treating emerging technology as potential endpoints now, you can lay a strong foundation for compliance with any future regulations covering new devices and systems.
- Build IT agility. By creating a fast, flexible team built for IT agility, you can better tackle any compliance initiatives that land on the IT desk. This could include establishing strategic partnerships, automating IT processes and services, or taking advantage of technologies like self-healing printers that can detect attacks in progress and restore themselves to a known-good state. With greater baseline capabilities, your team will be better equipped to take on new regulatory requirements as they arise.
Prepare now to ensure better IT compliance
GDPR may be in the rearview mirror, but it’s clear that more privacy regulations will be coming soon. The preparatory tasks at hand may appear burdensome at first glance, but they also represent a unique opportunity for IT to make the case for better approaches to data governance that put user privacy first. By preparing your IT environment for imminent regulations now, you can help ensure your business is ahead of the curve and ready for whatever comes next.