10 Steps Enterprises Need to Take to Comply with GDPR - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership
10:00 AM
Cynthia Harvey
Cynthia Harvey
Connect Directly

10 Steps Enterprises Need to Take to Comply with GDPR

If your organization doesn't have adequate data protection measures in place, including assigning a data protection officer, you could face steep fines next May.
1 of 11

Many IT leaders are worried about the General Data Protection Regulation (GDPR) law.

The European Union (EU) calls GDPR the "most important change in data privacy regulation in 20 years." Passed in April 2016, the EU law will become enforceable on May 25, 2018, which means companies are quickly running out of time to prepare.

In Ovum research commissioned by SaaS provider Intralinks, 52% of the IT decision-makers surveyed said they believe GDPR will result in business fines for their companies. In addition, 63% of respondents said the law would make it harder for US businesses to compete and 67% said the law will force them to make changes to their EU business strategy.

A separate 2017 study conducted by PwC found that 54% of executives at large enterprises said GDPR compliance is their top data privacy and security priority, and 38% more said that while GDPR wasn't their number one agenda item, it was one of the most important. Only 7% said complying with GDPR mandates wasn't a top concern.

Image: Pixabay
Image: Pixabay

The GDPR standardizes data privacy protections throughout Europe. It also imposes stricter regulations on all businesses that collect or process the personal data of EU residents. The full text of the law runs 260 pages long, but some of its key provisions include the following:

New rules for obtaining consent and allowing people to withdraw consent for data collection

  • Data breach notification within 72 hours of awareness
  • The right for consumers to have their data erased
  • The right for consumers to see any data companies have about them
  • The right for consumers to move their data from one provider to another
  • The requirement for companies to appoint a Data Protection Officer
  • The requirement for companies to build privacy into their systems and limit employee access to personal data

Although GDPR is an EU regulation, it applies to organizations all around the world. And those companies that aren't in compliance by May 25, 2018, will face penalties of up to $20 million euros or "4% of the total worldwide annual turnover of the preceding financial year, whichever is higher."

What should companies be doing to get ready for GDPR? Experts recommend several steps that are covered in the following slides.


Cynthia Harvey is a freelance writer and editor based in the Detroit area. She has been covering the technology industry for more than fifteen years. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 11
Comment  | 
Print  | 
More Insights
Why It's Nice to Know What Can Go Wrong with AI
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  11/11/2019
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Flash Poll