Getting GDPR ready is a priority for many right now. As we count down to the May 2018 arrival of the European Union (EU) General Data Protection Regulation (GDPR), many companies are knee-deep in preparation. In fact, most experts say that those who are not getting in gear now are already behind.
Frankly, the investment many are making to ensure survival post-GDPR is astounding. The global law firm Paul Hastings recently surveyed general counsel and chief security officers in the United States and United Kingdom. U.S. companies that are taking up this overwhelming task of preparing for the law’s enactment are setting aside $1 million for GDPR compliance technology, while U.K. businesses are stashing £430,000, according to the survey.
Initial steps you can take in anticipation of the GDPR:
Determine Your Vulnerability
GDPR is a regulation to curb how organizations process, store, and secure personal data of anyone in the EU. The kicker is that it also covers the export of data outside the EU; this means the law extends to any company working with those in the EU.
Clearly, many life science organizations are vulnerable. They collect data on patients and clinical trials, not to mention human resources files for those with global teams. If someone in the EU is among their files, they could be subject to the law. However, if yours is a strictly American company, for example, you might not have to worry so much. Some companies are looking to de-identify Europeans in their system. But that’s not possible for everyone.
Set a Budget
Determine if you need to stash that $1 million about which so many are talking. As many have pointed out, it might be a drop in the bucket compared to possible violation fines. GDPR violations could cost a company as much as 4 percent of global sales or €20 million, whichever is greater.
Obviously, the next step is to decide how to use the money you are setting aside. In the U.S., 9 percent of firms surveyed have purchased new technology for GDPR compliance. The same is true of 10 percent of firms in the U.K., according to the Hastings results.
Consult General Counsel
Between the two countries, there is more of a divide when it comes to legal counsel and outside staff. While 82 percent of U.K. businesses have allocated money for third-party counsel, 22 percent of the Americans surveyed had no budget for outside counsel. But Americans are putting aside between $500,000 and $1 million for additional staff to cope with GDPR, according to Hastings.
Regardless, general counsel can help organizations determine their weaknesses and recognize their legal obligations under GDPR. This will help you determine what technology might be a good fit for addressing your GDPR needs.
Let MediSpend Lend a Hand
We have been tracking GDPR from the start. We can help you map your data and whatever information you have compiled on clients and employees that might need to be GDPR compliant.