GDPR (General Data Protection Regulation)
Some of you may already be aware that on 25th May 2018 the Information Commissioner is going to start enforcing the new GDPR rules. These changes are a reaction to how much data is now stored electronically and to events such as the TalkTalk scandal in 2015.
Although this may seem like something you don’t have to deal with for a while, the advice from the ICO (Information Commissioner’s Office) is to start assessing your existing Data Protection Procedures against the new rules as soon as possible, with warnings that non-adherence to the new rules will have serious consequences for companies.
The main areas the GDPR focuses on are Accountability, Governance, Portability and Lead Supervisory Authority. The new rules will introduce new accountability obligations, stronger rights and restrictions on internal data flows.
Preparing for Legislation:-
– Evaluate the personal data you have.
– Categorise the data between personal & sensitive information and less important data.
– Create a data flow map to provide clarity on what happens to any incoming personal data and where it ends up within the company.
– Carry out regular risk assessments to understand the degree of threat imposed on the company when processing data.
– GDPR demands a Risk-Based approach with appropriate controls. What are the dangers associated with the loss, misuse, theft or general compromise of customer data?
– GDPR will also require organisations to prepare a breach notification plan in the event of something going wrong.
For a full overview of the GDPR, click this link to go to the ICO website.
You may also find these articles of some use:-
Here at EventShaper we are still trying to work out the impact GDPR will have, not only on us here but also on how we communicate with you and your exhibitors. I will send an update on this once we have a better understanding, along with any plan we would need to action to ensure full compliance.