– We can soon read everywhere that it is urgent to start working to meet the requirements for EU’s new data protection regulation, GDPR, – which goes into effect in May of 2018.
In short, this means that the protection for personal information is strengthened. So, do also the penalties for violations. The fines can amount to 20 million Euros, alternatively 4% of annual gross sales. In addition, you will risk your relationships with customers, partners and suppliers, if the requirements are not met.
This applies to all business, mine as well as yours.
This is a business issue – not an IT issue
You may think that this is an IT issue. The way I see it, it is not. This is very much a management issue and a business issue, which affects a large part of the organization.
Cooperating competencies result in efficiency
I can give you a tip on how my colleagues have tackled this issue. Anchor Management Consulting and Hellström Attorneys have assisted customers with their implementation of GDPR. It has shown that legal issues need to be dealt with simultaneously with the implementation of corrective measures in the business – such as processes, information, systems and supervision.
I want to advocate this approach where legal advisors and business consultants work together to identify and prioritize corrective measures. The combination results in a shorter time for implementation and becomes, in short, more efficient.
I can give you tips on a few useful links on this topic (in Swedish): From Datainspektionen, from Europakommissionen and from CIO-Nytt.