The European Union General Data Protection Regulation (GDPR) raises the level of security and accountability required for all companies, including Value Added Resellers (VARs). GDPR strives to protect personal information of European Union residents by enforcing privacy and transparency principles for anyone encountering EU data. While you may not believe that impacts your organization, it likely does if you collect any information on the Internet or have relationships with anyone that does business in the EU. With less than a month to go until these regulations take effect, its imperative for VARs to ensure their compliance. We’ve compiled information from Cisco’s GDPR resource center to help you better understand how GDPR impacts your organization and how to meet compliance.
GDPR focuses on personal data, processing, and control. Under these regulations, personal data refers to any data that could identify a person. GDPR regulates how this data is processed including collection, recording, structuring, storing, and altering. Companies around the globe will be impacted by GDPR if they handle any EU personal data and may face hefty fines for non-compliance.
“The European Union General Data Protection Regulation (GDPR) brings long-anticipated consistency to the data protection landscape in Europe. GDPR embodies the well-recognized privacy principles of transparency, fairness, and accountability. By introducing a risk-based approach, GDPR will enable innovation and participation in the global digital economy while respecting individual rights,” states the Cisco company website.
Read more here.
Karen Walker, SVP and Chief Marketing Officer at Cisco, explains the risk of GDPR non-compliance in her blog GDPR: It’s Getting Personal.
“Did you know that fines for violating GDPR can be up to 4% of a company’s total revenues? China also just announced it would be following suit – and I’m confident this is going to be the standard for the world soon enough,” says Walker.
Walker explains that GDPR is not just a marketing and communications concern but is company-wide. She explains that the Cisco marketing and communications teams are following these regulations “religiously and undergoing extensive data impact assessments.” Mandatory GDPR training will also be on the Cisco to-do list as regulations take hold.
Read more here.
“I think, at the minimum, you should have at least some sort of executive leadership really guiding the way and then making sure throughout job categories, making sure there’s some awareness and ability to deal and manage with data. I think it’s the new currency,” said Michelle Dennedy, Cisco VP and chief privacy officer, during a February webinar on GDPR readiness.
Dennedy went on to explain the importance of examining the technology you offer, saying that all companies must examine their technology and services to make sure they are compliant. Technologies like blockchain can help companies dealing with large amounts of data, but it may not be immediate.
“Blockchain right now is sort of like teenage canoodling. Everybody is very interested in it. Everyone talks about it all the time. One or two people are actually implementing and using it in practice and they’re probably not very good at it yet,” said Dennedy.
Read more here.
Still unsure about the steps to become GDPR compliant? Watch this video to learn more: