How to prepare for EU GDPR regulations
The UK may have voted to leave the EU – but that doesn’t mean you can ignore the GDPR. It will affect all UK businesses whether we are in or out of the EU. So you need to ensure you understand what GDPR is, how it will affect you and what you need to do to be compliant.
Although GDPR doesn’t come into force until May 2018, Jamie Graves, CEO of ZoneFox, says implementation can easily take months – so it’s best to start thinking, and planning, as soon as possible. Graves advises the following:
The Commission defines personal data as "any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address." This definition is wide-ranging and will have an impact on any organisation, inside or outside the EU.
As the EU intends this regulation to apply to any and all data held on EU citizens, it will impact UK businesses that want to process or store EU citizen data. In other words, you will still need to comply with the new regulations even after Brexit.
One of the new changes to the legislation is the right of the citizen to be notified if their data has been breached or compromised. Included in the GDPR is a requirement for an organisation to contact their Data Protection Authority (DPA) within 72 hours of learning about a breach. No exceptions - with failure to comply resulting in potentially crippling fines starting at €10 million – or two percent of global turnover.
One of the big changes relates to the need to respond to any data breach within 72 hours of detecting it. This is a big ask considering it currently takes around 200 days to detect a breach. You can see this as a burden - or view it as the opportunity it is.
Continuous monitoring requires a set of capabilities that gives you insights into what's going on in your organisation every second of the day. However, there are supporting factors that contribute to this successful approach, which are:
- Responsibilities - Data protection doesn't just lie with the IT department. Our opinion, at ZoneFox, is that it's everyone's responsibility, with the board responsible for leading and implementing a security culture from the top.
- Assets - There are some good tools on the market, for example nmap (https://nmap.org), that will allow you to discover and classify where your critical information is held. Once you know where it is, you need to understand how it's being accessed by both internal and external actors.
- Risk Assessment - In order to monitor effectively you'll need to perform a risk assessment. This will inform you of where you need to focus your limited resources on mitigating the top risks to your organisation.
- Education - This relates to the need to ensure everyone knows their responsibilities and the reasons why certain policies and processes are in place. Without everyone on watch, your task is going to be a lot harder.
UK companies have less than two years to implement GDPR processes and systems. Take a look at the handy downloadable timeline which will give you insights into what needs to happen, when you should start doing it, and how long it should take you.
The main takeaway? Don’t panic! There’s still time - if you start preparing now.
Read the August 2016 issue of Business Review Europe magazine.
Grupo Espinosa: 70 years of constant evolution
Founded in 1952, Grupo Espinosa has been relentlessly supporting the publishing industry by producing more than 100 million copies every year – whether it's books, magazines, catalogues or single-order custom prints. No project is too big or too small for Grupo Espinosa, as the facility can scale up on demand and their turnaround times are highly competitive. Grupo Espinosa works with on-demand digital press or offset press, in paperback with glued softcover binding, PUR softcover binding, stitched paperback binding, binder’s board, hardcover, saddle stitched, Spiral or Wire-O. Equipped with the experience needed for a product to leave the plant ready for distribution, Grupo Espinosa delivers anywhere inside or outside Mexico. Traditionally starting off as a black and white printing press, Grupo Espinosa has experienced transformation first hand – from colour to digital offset printing. Currently, Grupo Espinosa is also looking at making capital investments into audio books to match the increasing demand.
So how did a seemingly local operation in Latin America become a world-renowned printing facility trusted by hundreds of clients? As Rogelio Tirado, CFO of Grupo Espinosa for the last six years, says, “It all comes down to our market experience and our dedication to quality”. With nearly 70 years behind them, and located in Mexico City, Grupo Espinosa has two major locations – one spanning 75,000 square metres and the other about 45,000 square metres. Both locations are controlled by a single ERP (Enterprise Resource Planning) system ensuring speed, consistency and quality of work. Tirado says this isn’t their only competitive advantage. He adds, “Our competitive advantage is the relationship we have with customers and the trust they put in us with their intellectual property”. Speaking of trust, global publishing giant Macmillan Education exclusively partners with Grupo Espinosa for their Latin America operations, as part of Macmillan’s decentralized hub strategy. Having a facility that offered the full spectrum of service – from storing digital content to printing and distributing – was one of the major requirements for Macmillan, and Grupo Espinosa was recognized as the leading printing hub for providing this 360 infrastructure. Another factor that has led to success for Grupo Espinosa is the absolute focus on quality and time. The staff are committed to providing the best quality in the best possible time, without causing wastage of resources. Sustainability is a huge factor playing into Grupo Espinosa’s operations, and they’ve created a healthy environment with the sustainable use of paper and energy resources as well as keeping their employees – most of them associated with the organisation for over 10 years – happy. He adds, “In order to be truly successful, you need to be good to the environment, employees, suppliers, and your customers.
But most importantly, you need to be sustainable, you need to have proper working conditions, pay proper salaries, proper prices for paper, source the paper from sustainable sources, pay your taxes, basically be a good global corporate citizen and that's probably one of the biggest achievements that we have.”