This blog post is part of our 'ask the Expert' series and was written by Columbus Consultancy Process Practice Director, Simon Noakes.
What is GDPR?
The General Data Protection Regulation, also known as GDPR, is new European Union legislation which will supersede previous data protection initiatives such as the Data Protection Act 1998 and the 1995 EU Data Protection Directive.
The GDPR is a set of around 160 requirements, which aims to further secure the data of EU citizens. This will transform the way in which data is shared and can have a significant impact on the way your business handles sensitive data.
Why is new legislation required?
The world is a vastly different place from what it was when previous legislation was introduced to secure an individual's personal information. In the age of social media, digitalisation and the cloud, the way in which personal information is shared is significantly different from when the initial laws were introduced.
Cyber security is more prominent than ever, and recently there have been high-profile cases where an organisation's data was compromised. It is estimated that, on average, each business in the UK was hit with 230,000 attempted cyber-attacks in 2016, further highlighting the need to secure data in an era where technology is at the forefront of everything we do.
When does it come into place?
The EU directive for this legislation comes in on the 25th May 2018, and as a result there is a huge push for businesses to be compliant before then. The implications of non-compliance are significant, as the penalty ranges from 2-4% of your business's annual turnover, so we urge you not to let this go unnoticed.
Examples of the legislation's requirements:
- The need to have a designated Data Protection Officer within the organisation.
- A 72-hour notification requirement for data breaches.
What is Microsoft doing?
Microsoft have invested heavily in ensuring all Microsoft cloud services are going to be fully compliant with the GDPR by 25th May 2018.
Products such as:
- Office 365
- Dynamics 365
- Azure Data Services
- Enterprise Mobility & Security
- Windows 10
Microsoft have gone to great lengths to ensure that their products are designed to incorporate the changes in regulations. These products have been subjected to thorough internal and external audits to ensure they are fully compliant.
For example, Office 365 has built-in features to discover and remove personal data to satisfy a GDPR requirement of “the right to be forgotten.”
Azure Information Protection can be used to classify GDPR information with tags, which eases the burden of managing GDPR compliance policies.
Getting prepared for GDPR
Key measures to take
- Discover – Identify the personal data you have and where it resides.
- Manage – Govern how personal data is used and accessed.
- Protect – Establish security controls to prevent, detect and respond to vulnerabilities & data breaches.
- Report – Keep required documentation, manage data requests and breach notifications.
The view of Microsoft and other industry-leading experts working closely with the introduction of the GDPR is that the cloud makes it much easier to ensure that you are GDPR compliant.
One example of how the cloud can benefit your organisation is transferring personal data held on legacy ERP systems into the Microsoft cloud to ensure that the data is being stored in a GDPR-friendly way.
How can collaborating with Columbus benefit your business?
Columbus are industry experts in ERP implementations with thousands of successful implementations worldwide, which have allowed our partners to achieve their goals. One of our main services comes from implementing Dynamics 365, a Microsoft-designed, GDPR-compliant ERP product.
So whether you are a food manufacturer, retailer, or in the manufacturing industry, we can work together to ensure that you have an ERP system in which your data is stored and managed in a GDPR-compliant way.
What can cloud transformation do for your business?
Columbus are also helping businesses transfer to the cloud. The scalability and performance of servers and applications in the cloud, together with the advanced data protection and security measures available through cloud services, provide businesses with advanced computing power at an affordable cost. With microservices and containerization, the cloud is more efficient and versatile than ever.
Columbus helps you realise the full value of your ERP system and ensure a strong return on your technology spending. We bring digital transformation into your business and position you to thrive far into the future.
When you engage with Columbus to implement, upgrade, or replace an ERP system, you can rely on us to minimize the inherent risks and complexities. We draw on our understanding of industries and technologies, so your project stays on track and benefits from insightful innovation. ColumbusCare addresses your everyday concerns as well as your toughest challenges—as long as you are in business.