Effective date - May 25th, 2018 - but it is not too late to take action!
The EU has put this regulation in place to mandate that companies protect the personal information of people residing in the European Union. Organizations that are not compliant with this regulation could face heavy fines. There are technical solutions, such as vulnerability management, patching, and managed SIEM, that help protect the data. There are also process and governance solutions based on best practices like ITSM, ISO 27001, and NIST that help mitigate risks and protect data.
The GDPR is quite detailed and prescriptive in many areas, and the Gratia team is very experienced implementing GDPR compliance in different organizations from IT Managed Services Providers to organizations in the Healthcare and Manufacturing industries.
Gratia's broad implementation approach, covering process design, internal and external documentation, implementation of compliance monitoring and review processes, as well as data flow analysis, can also help your company with a streamlined, reliable and cost-effective GDPR compliance implementation. The Gratia solution does not only provide you with guidelines; the team will work with your organization on-site and in detail to ensure a successful outcome of the implementation efforts.
Are we way behind implementing GDPR compliance?
At this point in time, the simple answer is "Yes". But this should not discourage you from starting the implementation as soon as possible. In the worst-case scenario, where your organization has to justify non-compliance, it will at a minimum look better if you have started the implementation and can show that its importance is understood.
How much time does it take?
This depends heavily on what your organization has already implemented, including
- Breach Notification Process
- Data Privacy rules
- Data flow diagrams (internally and to/from third parties)
- Data usage justifications and retention documentation
... and how much time the internal team can dedicate to the implementation. A minimum expectation of 3-4 months (elapsed time, not effort!) seems to be reasonable, but please contact us to discuss this in more detail.