Millennium JD Edwards
GDPR - 12 Months To Go
The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and organisations need to be 100% compliant from day one. Data protection has become increasingly important: more than two billion records were stolen in 2016 and there have been 974 publicly disclosed data breaches during the first 6 months alone. Businesses that process and store data concerning EU citizens will need to undertake thorough checks to ensure GDPR compliance. They will be obliged to report data breaches within 72 hours and will be bound by more stringent rules for obtaining consent from individuals regarding how their data can be used.
The regulation covers the capture, control and consent for personal information use and is designed to protect the data rights of EU citizens, so individuals will have more control over who has their data and how it is used. GDPR applies to any personal data within an organisation. It affects all types of organisations, from social network sites through to the financial services sector, retail and healthcare.
GDPR is as much about process administration as it is about data security. Protecting and securing data isn’t necessarily about hiding it away; it’s also about making the data transparent, knowing what is being stored, storage location, storage purpose and who is responsible for it. After all, you cannot protect what you are not aware you have.
The first step organisations have to take is to assess the data collected, stored and processed and decide whether it is needed in the first instance. Where it is found to be unnecessary, it should be possible to stop further collection and to delete historic data.
Some organisations may decide that processing personal data is so core to their business it should be maintained in-house. If this is the case then plans for GDPR should be well underway, with technologies such as encryption, tokenisation and DLP reviewed. Administrators must be accountable and should control data access. Good data governance can underpin GDPR compliance by defining enterprise-wide policies and business rules. If data can be found and understood, it can also be reported on, allowing organisations to provide evidence to regulators as and when required.
In certain instances it may be that data functions can be outsourced to companies specialising in data processing, meaning GDPR for that data will be their responsibility. Online retail and direct marketing are just two examples of areas that can be outsourced.
The enforcement of GDPR is now little more than a year away. Regardless of how organisations intend to address the requirements, they should start taking the necessary actions. Regulators will issue significant fines from day one for non-compliance, ranging from 2% to 4% of annual revenue.
If you need support or advice to ensure your organisation is GDPR compliant, Millennium Consulting is well placed to help. We've been assisting organisations with transformation projects since 1995. Please contact Howard Page on 0845 604 4262 for further information.
GDPR Webinar - Monday 23rd October 1.30pm
There is a lot of misinformation and various myths circulating about GDPR, the new data protection and privacy law coming into force from May 2018. The ICO (Information Commissioner's Office) is equally frustrated by otherwise responsible broadsheet newspapers and "GDPR specialists" talking in terms of all organisations needing to get 'consent' (i.e. permission) from customers if the organisation is to be able to process their personal information. This is just not correct.
We also hear that all organisations will suffer €20m fines (or 4% global turnover, whichever is higher) if they are not compliant. If that were true, how come after 17,000 data protection investigations in the past 12 months, less than 0.1% ended up with a fine?
For the insurance industry, these and other items of fake news will be addressed in our upcoming GDPR Webinar - Differentiating Between Fact and Fiction, hosted by Sandy Gilchrist, who recently featured as a GDPR expert in Business Leader magazine. If you work in health, life, general or any other sector of insurance, or are a broker or agent, sign up to hear some really practical ways to comply with GDPR and to ask the questions that may have been nagging you for a while.
What we've seen is a new industry of "GDPR specialists" scaremongering to throw armies of consultants at the expense of their customers - this is unhelpful and unnecessary. Sign up to get a better understanding of what challenges actually lie ahead.
To register for this forthcoming GDPR Webinar please use the form to the right.
For details of the other webinars in this series, 'ask the experts', please visit the EVENTS page.
UKOUG JDE17 Conference - ICC Birmingham Tue 5th, Wed 6th December 2017
If you are planning to attend the UKOUG Oracle conference JDE17 in December at the ICC, Millennium Consulting is delivering a presentation on GDPR and IFRS, how they affect JD Edwards customers, and how to implement the requirements. The full event agenda can be found here.