Six months after GDPR took effect, all indications are that companies are taking the data protection and privacy regulation seriously. 74% of businesses in the US, UK and EU expected to be compliant by the end of 2018, and 93% expected to be compliant by the end of 2019. Many companies also think GDPR applies mainly to customer data, but it applies equally to their own employees' data and to the data they collect about their customers' customers. Here are three other points to keep in mind.
Always Authenticate Customers' Identities
Companies tend to overlook the need to authenticate customers when they request to be forgotten. Before a company can release data, it needs to make sure the data is going to the right person. Releasing information to an unauthorized party is the definition of a data breach. Companies have to build customer identity authentication and access management tooling into the way they respond to data requests. Many organizations also spend millions of dollars on incident detection and response, but they need to deploy it through a "GDPR lens".
Develop a plan to help customers
Most companies won't have trouble with the GDPR requirement to notify customers of a personal data breach within 73 hours of becoming aware of it. Where they fall down is in not having a proper plan in place to assist customers when a breach occurs. Customers expect the company to help them after a breach, so the executive team needs to be open with customers, and the company may want to work with an external call center to handle such cases.
Rethink the concept of a data breach
Many companies tend to equate being hacked with being breached. Under GDPR it is not that simple: a hack is not the only way data can get into the wrong hands. A breach also occurs when an employee accidentally shares information with the wrong person. Companies should identify where they store GDPR-covered data and ensure that only people with a legitimate business need can access it. An organization should also monitor for employees using GDPR-covered data in an abnormal way.