Organizations are at very different stages in their GDPR journeys. A few have it all covered. Some might have only just woken up to the realization that the May deadline is in less than 100 days.
Recently we had the great pleasure of hosting leading data protection & privacy attorney Eija Warma on our Finnish podcast “Kyberykset”. F-Secure’s cyber security experts Tuomo Makkonen and Marko Buuri interviewed Eija about the key benefits and challenges associated with the GDPR and picked her brain for tangible tips to ensure a smooth preparation process.
A New Way of Thinking
Warma says GDPR calls for a new way of doing things. Thus, it is not a project with a beginning and an end. Proper data privacy adherence is a continual process and must be embedded in each organization’s way of thinking. The GDPR deadline is actually a great chance to evaluate which of your day-to-day operations are eligible. Are you collecting data just for the sake of collecting data? Are you using systems that are not really needed? Make no mistake: the GDPR, approached correctly, can give your company a boost in productivity, focus and efficiency.
The value of data
Data is relevant for every company. However, you should think about data’s actual value for your business. Eija Warma suggests approaching the topic from the point of view of risk potential. How severe is the risk of losing sensitive data? Your selected actions and investments should be based on proper risk assessment, not generic guidelines. You know your business best. You shouldn’t expect an outsider to come and tell you what to do.
Ambiguity or freedom to innovate?
GDPR allows a lot of freedom of action and includes only a few prohibitions. Warma says this may feel frustrating to many companies – GDPR is the biggest change in EU data privacy laws in more than 20 years, and there is a lot to figure out.
GDPR is not easy to read even for an expert, but Eija’s tips are very reassuring. It all comes down to understanding a few key concepts that form the core of the GDPR. The next step is to figure out what they mean for your company. Who are your data subjects, and who is the data controller? What kind of actions are necessary in your case?
The core of the GDPR
The core of the regulation is simple: it aims to increase privacy for EU residents and to standardize the data protection laws across the European Union. Your goal is to adhere to these two targets as closely as possible. Focus on the essentials, do your homework and rebuild your business as a truly privacy-mindful entity. We guarantee you: not only will you save time and money further down the line, but your customers and partners will be more grateful than you can ever imagine.
Doing things the old way is not always the best way. Keep things simple, and have successful GDPR preparations!
If you happen to understand Finnish, be sure to listen to the very first Finnish cyber security podcast “Kyberykset” with our expert consultants Tuomo Makkonen and Marko Buuri. Enjoy!