by Ramona Carr

Is GDPR the Y2K of 2018?

As the year 2000 approached, people across the globe prepared for the end of the world. Even Time Magazine ran a cover story on the Y2K (Year 2000) bug and the fate of the earth. Around the world, programmers worked extra hours patching applications that had used only two digits to represent the year. The public feared that when 2000 rolled around, computers would shut down, elevators would plummet in their shafts, and planes would fall out of the sky. People stocked up on Spam and holed up in bunkers.

Fortunately, the predictions of disaster were wrong. Some calculations may have failed, but thanks to hardworking technology teams, there was minimal impact on the public.

Fast forward to May 2018. There’s a potential new information technology crisis on the horizon that’s comparable in scope to Y2K. The general public is less aware of the European Union’s General Data Protection Regulation (GDPR) than it was of Y2K, but the issue is similarly broad in scope. The rules apply to any business that collects personal data from EU citizens, no matter where that business is located; political and geographic borders are irrelevant. If an EU resident so much as signs up for your company’s newsletter, the rule applies to your business. For technology teams, the effort required to bring systems into conformance with GDPR may even exceed that of handling Y2K. Forbes has called GDPR “the most intrusive technology regulation ever.”

GDPR defined

So, what is GDPR? GDPR is enhanced legislation for EU citizens that aims to strengthen and unify their data protection rights (regardless of their country of residence or the location of the company holding their data).

The complex legislation will go into effect May 25, 2018. The goal of GDPR is to give individuals greater control over their personal data. Its core principles request that organizations:

  1. Obtain and process personal data fairly
  2. Use the data for a specific purpose only
  3. Keep the data secure and up to date
  4. Delete the data once they’re done with it

The EU is backing up its demand for this level of data protection with fines potentially as high as 20 million euros or 4 percent of an organization’s global revenue — whichever is greater.

Don’t ignore GDPR

GDPR may turn out to be a non-event like Y2K was, but as with Y2K, the media is dramatically predicting doomsday. Businesses are anticipating a major impact requiring extensive resources and finances to mitigate. As the clock ticks down to May 2018, tensions are likely to rise.

Unlike the Y2K catastrophes predicted for January 1, 2000, a GDPR meltdown won’t occur at the stroke of midnight. Regulators will have to be aware of any violations before they can levy a penalty. That doesn’t mean you can ignore the mandate or expect to hide your status. The Office of the Data Protection Commissioner, which will enforce GDPR, has said companies that demonstrate they’re attempting to comply will be treated differently than those that simply ignore the law.

Start by identifying where and how your data use is impacted by GDPR. Ask:

  • How does your organization obtain, use, store, share and delete personal data?
  • Do you request users’ consent before you collect data? To comply with GDPR, you must inform users of the reason for acquiring data, how long it will be kept, and the users’ rights to access it. You must receive freely given, informed affirmative consent to collect and use the data and give users the opportunity to withdraw their consent.
  • Are you able to identify and share with users the data you’ve collected about them?

Reduce your risks by minimizing any retained data and ensuring it’s kept secure. Take time to:

  • Clean your data stores, deleting unnecessary data.
  • Implement strong security measures, including anonymization and encryption.
  • Perform regular systems tests.
  • Learn how to identify and respond to a data breach. GDPR requires breaches to be reported within 72 hours.

Zettaset’s data encryption solutions are optimized for today’s demanding distributed computing architectures, offering unmatched performance and scalability while fitting into existing enterprise IT security frameworks like GDPR.

The clock is counting down to May 2018. Make sure you’re prepared. Learn more about how Zettaset can help you thrive under GDPR, and request a demo of our encryption solutions here.