The implementation of the GDPR is now just a few months away and that means the time has come for every business to ensure that existing network infrastructures are compliant. The GDPR is an EU regulation that has been designed to tighten up data privacy and give individuals more control over the data that others hold on them. Unlike many other pieces of data protection legislation from years gone by, it has real teeth, including fines of up to 4% of annual global turnover or €20 million, whichever is the greater. So if your network infrastructure isn’t GDPR compliant – or you’re not sure whether that’s the case – now is the time for action.
GDPR compliance for network infrastructure
There are some key questions for every business to consider when it comes to ensuring that your network infrastructure is GDPR compliant:
Can you track data lifecycles? If data arrives in your network and then disappears, you could face serious problems with the GDPR. The new regulation places a responsibility on businesses to be able to report on how data is collected, used, leveraged and edited. Is your current network infrastructure set up to enable this, or are changes likely to be required?
Do you have transparency on consent? Changes to the way that data is collected must be reflected throughout your network infrastructure if you want to ensure GDPR compliance. For example, if you’re dealing with minors then you must make sure that you have consent from an appropriate adult. Any consent must be obtained through an affirmative action by the data user, and it must be freely given, specific and informed. Does your infrastructure have measures in place that would enable you to demonstrate you’re doing all of this?
Can you “forget” data? The Right to Be Forgotten is another pivotal part of the GDPR and basically gives individuals the right to request that all data about them is completely deleted. Not hidden or marked “do not contact” but deleted completely. This could be a serious challenge for many IT infrastructures.
Are you able to action requests? Subject Access Requests are another right granted by the GDPR that enables individuals to request access to any data that you hold on them. For many businesses, compliance with this part of the GDPR will require a rethink on data storage within a network infrastructure.
Is your network secure? With the arrival of the GDPR, data security is becoming even more important than it used to be. Data breaches will have to be reported within 72 hours, and you may also have to notify those who are affected that this has happened while their data was in your hands. So there could be serious reputational and relationship consequences to a failure to comply with the increased need for data security.
To find out how we could help you improve your network infrastructure ready for the arrival of the GDPR, contact a member of our team.