GDPR: Time to appoint a Data Protection Officer says M-Files

GDPR: Now is the time to appoint a Data Protection Officer and focus on compliance, claims M-Files

Enterprises need to plan now for the implementation of the new General Data Protection Regulation (GDPR)

Planning ahead for the upcoming implementation of the new GDPR will be essential for enterprises and integral to that will be the appointment of a new role within the organisation: the Data Protection Officer (DPO). This is according to M-Files Corporation, a provider of solutions that dramatically improve how businesses manage documents and other information.

The GDPR (also known as Directive 95/46/EC) is a directive adopted by the European Union designed to protect the privacy and protection of all personal data collected for or about citizens of the EU, especially as it relates to processing, using, or exchanging such data. Directive 95/46/EC encompasses all key elements from article 8 of the European Convention on Human Rights, which states its intention to respect the rights of privacy in personal and family life, as well as in the home and in personal correspondence.

The Directive, which achieved final approval in late January 2016, is expected to come into effect in late 2017 or early 2018. In order to be ready, organisations need to start planning now for its implementation.

Julian Cook, Director of UK Business, M-Files, stated:

“Enterprises need to address the compliance, budgetary and risk factors associated with the introduction of the Directive now. Article 35 of the GDPR mandates that all organisations, no matter what the size, must have a DPO, but this may not be enough to drive change and give executive management the visibility and insight it needs as it relates to compliance. The role of the DPO not only includes advising on and monitoring GDPR compliance, but representing the company when contacting the supervising authority or the Data protection authority, which in this position is so critical.”

The new Directive will also see the introduction of a new, tiered fine structure. A company can be fined up to two per cent of its annual turnover for not having its records in order (article 28), not notifying the supervising authority and data subject about a breach (articles 31 and 32), or not conducting impact assessments (article 33). More serious infringements merit a 4 per cent fine, such as a violation of basic principles related to data security (article 5) and conditions for consumer consent (article 7).

The GDPR also requires the DPO to notify the appropriate supervisory authority of a personal data breach within 72 hours of learning about it if it results in risk to the consumer. The GDPR notification is more than just saying that you have had an incident. Organisations will need to include categories of data, records touched, and the approximate number of data subjects touched.

“But it is not just creating a new role to challenge the risks associated with the GDPR. It is also about the issue of compliance and organisations also need to seriously address today’s highly mobile workforce to prevent potential data breaches and the issue of risk head-on,” added Julian.

“According to research M-Files conducted in 2014, 25 per cent of employees say their company has experienced information security breaches, data loss, non-compliance issues, loss of control over documents through employee use of personal file sharing and sync tools at work.”

One way of addressing these challenges is through the use of leading Enterprise Information Management (EIM) solutions to provide the simplicity that employees desire, but the control businesses require. EIM helps simplify processes in a variety of ways. For example, with metadata-driven EIM solutions, content classes can easily be determined for enabling quick access to non-sensitive content while securing confidential information.
