3/5/2023

The privacy pro

So for many, it may be a case of acquiring budget before progress toward compliance.

But it’s not necessary to wait for the funds to roll in before taking steps toward compliance, Treharne-Jones said, including briefing the board and senior management. Treharne-Jones said TrustArc’s research found 40% of companies would allocate budget toward the GDPR once the change had passed but before it went into effect.

“The first thing I would do is to put together a cross-functional team (the privacy office, inside or outside counsel, IT and compliance) to create an understanding of what the plan will be over the next 18 months to two years to begin implementing those changes,” Siegel said.

Director of TrustArc’s consulting group, Eleanor Treharne-Jones, CIPP/E, agreed that a good place to start is to meet with the privacy management committee, if there is one, to establish the kind of initial work that should be done and who should be briefed first.

“I think people now are going to have to realize it’s a reality and address those requirements,” he said. “Start looking at what the impact to business is going to be,” he said. Privacy strategist Bob Siegel, CIPP/US, CIPP/C, CIPP/E, CIPM, CIPT, president of Privacy Ref, says that’s exactly what he’ll tell his clients: Get moving.

First, businesses should figure out if they’re subject to the law to begin with, and then get to work remediating. Lee said the changes will be most difficult for companies that have been outside the scope of the existing Directive. “With the threat of fines up to four percent of global turnover looking large, no one wants to be caught out.”

Difficult Changes Ahead for Companies Outside of Existing eDirective

“The significant nature of the changes, from revising internal policies, procedures and notices, to appointing DPOs, to instituting data breach management notices, to revising contracts, really means that companies need to begin planning now,” he said.
While Parliament and the Council still have to formally adopt the text and implementation will come two years after that, what must happen now for some companies is no small feat. Field Fisher’s Phil Lee, CIPP/E, said the text is here, and the time to move is now.

The GDPR is Here: the Time for GDPR Compliance is NOW

For those who’ve been closely watching the various iterations of the text in the three years since draft one entered the scene, there may be a few surprises-though the change in age for children’s consent to 16 was a doozy, wasn’t it? Whether you’ve been glued to the news or this is the first you’ve heard of the regulation, veterans in the field agree the time to daydream is over.