As the EU GDPR was coming into effect this year, there was much speculation as to how many companies were going to be prepared and compliant on May 25th. Many companies treated the GDPR as a project with an end date of May 25, 2018, when in fact May 25 is the start date after which organisations must demonstrate an ongoing capacity to comply. Although there is no definitive data from authorities on the number of companies that have achieved compliance, it is no secret that the GDPR represents a challenge to all organisations doing business in EU member states. And the price for non-compliance is high. Fine amounts are as high as €20 million or 4% of global annual turnover, whichever is higher.[1]
It may be no coincidence, then, that in the first month after the GDPR came into effect, the UK’s Information Commissioner’s Office (ICO) saw the instances of self-reported breach increase almost fivefold.[1] Under the EU GDPR, organisations have only 72 hours to report a breach to the relevant supervisory authority, if the breach is likely to pose a high risk of adversely affecting the rights and freedoms of data subjects.[2] The ICO suggests that organisations should ensure they have robust “breach detection, investigation and internal reporting procedures in place.”[2] Organisations are also expected to keep a record of all breaches, regardless of whether or not they are required to notify. And if they have made the decision that they do not need to report a breach, they need to be able to justify that decision and document it. Nymity’s Breach Tool Kit can help with all of the above activities.
If you are a privacy officer in an organisation subject to GDPR compliance, then your job became a lot more complicated in the days leading up to May 25th, and it likely has not abated. Pre-GDPR, Privacy Officers were already busy ensuring compliance with current laws and fielding privacy questions from management, internal business units and even customers. Building, managing, and maintaining ongoing GDPR compliance added to the already heavy workload. But there is help.
Help with GDPR Compliance
Forward-thinking organisations, like McGraw-Hill Education, are using the software solutions that Nymity provides to stay up-to-date on, and compliant with, the latest multi-jurisdictional privacy developments, including the GDPR. They see Nymity as the go-to source for a broad range of cost saving privacy research, as well as time saving ready-made resources.
Andy Bloom, Chief Privacy Officer at McGraw-Hill Education, comments, “I chose Nymity’s suite of software solutions, because I knew that they would help me control organisational privacy from the top, help me give others in the organisation the guidance they required, and put the research tools that I needed at my fingertips.” He continues, “I was thinking of all the different Nymity tools that would feed into that. Whether it was Nymity Research™ for information on-demand, Nymity Templates™ for building a new process, or Nymity Attestor™ for collaboration and accountability, I knew I needed assistance from the software front.”
Bloom did not come from a legal background. As an operations specialist, he chose Nymity’s tools to help him operationalise privacy compliance. He noted that the greatest value he derived from Nymity was the ability to get more done with fewer resources.
When it comes to GDPR compliance, nearly all Nymity solutions have GDPR Add-ons. Nymity also provides Nymity ExpertPIA™ and NymityExpertMapping. These tools help automate data protection impact assessments, Article 30 records of processing requirements, legitimate interests assessment reports, privacy by design reports and many more. The Nymity GDPR Implementation Tracker™ tracks national law developments. Nymity’s tools work together to simplify building and maintaining a GDPR-compliant privacy program. And you can begin organizing and tracking your program with Nymity Planner™ to get the ball rolling.
It is far too costly to not be GDPR ready at this point in time, and it is not too late to start. As many privacy professionals and regulators have already stated, this is only the beginning. While some organisations may be in compliance with the GDPR, there are many others that are still struggling and striving for compliance. As time goes on, there will continue to be a learning curve for everyone. If you are ready to take better control of your GDPR privacy management, give us a call today. Over the past 15 years, we have helped thousands of privacy officers operationalise compliance.
1. ITPRO, GDPR news: Facebook Data Debacle Pushes Brits to Make Use of Data Rights, 2018. http://www.itpro.co.uk/data-protection/28029/latest-gdpr-news-uk
2. ICO, Personal Data Breaches, 2018. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/