
What lessons can GDPR requirements teach organizations?

Organizations not directly affected by GDPR can still make improvements based on the regulations. How long has it been since your organization updated its data protection policy?

Even if you are unaffected by the European Union's General Data Protection Regulation, there may be some things you can learn from it.

For starters, GDPR requirements put a high priority on conducting security risk assessments and developing a data protection plan. Both of those activities have long been established security best practices, even before the introduction of GDPR.

It is clearly in the best interest of any organization to periodically review its security and data protection policies, and to assess its ability to cope with any perceived risks. The last several years have seen massive cyberattacks on retailers, government agencies and other organizations. This is in addition to the constant onslaught of other security threats, such as phishing scams and ransomware attacks. Any extra effort an organization can put into hardening its cyberdefense will be well spent.

If you look at GDPR requirements as a whole, they largely focus on the protection of personal data. Even without regulations, companies have an ethical obligation to take reasonable measures to protect customer data, and to let customers know how that data will and will not be used.

As such, with GDPR requirements top of mind, it may be a good time for your organization to review its privacy policy and data protection strategy. After all, policies and protective mechanisms that were put into place even a few years ago may already be outdated. Even a nonregulated company can suffer massive losses in the form of civil litigation and loss of business if customer data is compromised.

I recently read a forum post in which someone suggested that even if a company is not required to comply with GDPR, it should do so anyway on the off chance that it ever begins doing business in Europe. I personally do not recommend establishing full compliance if it is not required, as abiding by GDPR requirements is likely to be expensive.

According to a recent survey, 68% of American companies expect compliance to cost between $1 million and $10 million, with another 9% estimating the cost to be even higher.

This was last published in October 2017