The EU’s new General Data Protection Regulation (GDPR)
To enhance the protection of personal data for its citizens, the EU has produced a Regulation, encompassing 28 States, which replaces the existing Personal Data Act (PuL) in Sweden. The Regulation enters into force in full on 25 May 2018 but is already applicable today. In brief, it provides that organisations processing personal data bear a great responsibility to take the necessary security measures, and need to guarantee that personal data will be treated as confidential. Heavy fines of up to 4% of the organisation’s annual revenue or EUR 20 million may be imposed on anyone who fails to comply with the Regulation.
One of the most underrated challenges to compliance with the Regulation over time is the unstructured use of cloud applications, and hence also the risk that users within the organisation could share personal data and company-sensitive information outside the direct control of the organisation.
Enfo can help organisations to achieve the goal of being ‘GDPR compliant’ and to handle compliance with the Regulation in a structured, economically viable and effective manner over time. With our simple method, which is designed to provide insight into the increasing use of the cloud (shadow IT), we can help you to achieve the goal of GDPR compliance.
The first step on this road is a cloud risk analysis. We use a market-proven solution to conduct a data-driven analysis of the cloud applications in use in your organisation. We then add our own experience and knowledge of how the volume of data should be interpreted and what priorities should be set, and suggest a recommended way forward (a roadmap) with a clear next step on the way to a complete management model for GDPR compliance.