More than compliance with a regulation, companies should embrace GDPR as a mechanism that builds customer confidence in digital products & services.
Is Your Enterprise GDPR ready?
The GDPR law is intended to restore a legal framework for the handling, processing and use of personally identifiable data.
Is My Enterprise Affected by GDPR?
Many small companies think that GDPR only applies to large corporations like Facebook or Google. That is absolutely untrue.
GDPR applies to all companies, small or large, as long as the company's business requires the collection of personally identifiable data. The data can be collected electronically or on physical paper forms. GDPR applies to all.
For example, in many African countries, governments, banks and even private companies alike routinely ask people for their birth certificate, their ID card, or their electric or water bill. All of those are personally identifiable data and are protected under GDPR. Hence, those entities must comply with GDPR.
It is fairly simple: if you collect (save, use or transmit) personally identifiable data of people who are members of the European Union, you must do so while respecting the GDPR regulation. There is no exception for small or large enterprises. However, there are levels of compliance based on the type of personal data used. For that reason, a small company will probably not be scrutinized to the same level as a multinational.
How to Comply with the Rules of GDPR?
The process of complying with GDPR is a complex one. The experts at Africa CyberSecurity Conference are available to assist during the conference and also off the conference stage.
One of the most important steps for any company is to take an inventory of the personal data that it collects, stores and processes. The enterprise must ensure that it collects only the data needed to run its business and no more than is needed to accomplish the business goal. For that to happen, there are a few processes and principles to follow.
Those processes will be elaborated on by our speakers during the many sessions devoted to GDPR at Africa CyberSecurity Conference in Abidjan from October 23rd to 26th, 2018.
Failure to Comply can be Costly
Under previous regulations, data processors were subject to liability for failure to comply with their contractual obligations to their controllers. They have not, however, previously been open to direct action by regulators or data subjects. This has all changed under GDPR.
Data subjects will be able to take action against processors and claim damages where they have "suffered material or immaterial damage" as a result of an infringement of the processor obligations under the GDPR. Potentially, processors will be liable both to the controller and data subjects for the same breach although there is a mechanism for apportionment of responsibility between controller and processor with respect to data subjects. Above and beyond damage claims from data controllers and data subjects, non-compliant data processors are also vulnerable to sanctions by the regulator. The penalties range from access and audit rights, to administrative orders and, ultimately, to fines of up to 4% of annual global turnover.