So many organizations that claim to be able to prepare you for GDPR have been staunchly warning of the risks of non-compliance. Up until recently, we believed this was more of a scaremongering tactic than anything that held any real weight. We’ve all heard the lofty figures that organizations could be fined (up to €20 million or up to 4% of global annual turnover, whichever is higher) but many of us refused to believe that this would be enforced.
Well, if the ICO wanted to send a message in January about the severity of the GDPR, they have certainly succeeded. January saw a record £1.7 million in fines handed out to nine companies, compared to a total of just under £5 million in the whole of 2017. To hammer this home, this figure is 312% higher than the average monthly figure in 2017. The sector most affected was financial services, accounting for nearly half of all the fines in January.
What Does This Mean For GDPR?
Well, over the course of 2016 and 2017 the ICO were fairly stingy with their fines. In many cases, the ICO chose to issue warnings, or smaller fines, as opposed to the maximum fines they were within their rights to issue. However, it certainly seems as if the ICO want to issue a warning in the first month of 2018. If you’re not prepared to meet the stringent requirements of GDPR, the ICO are not going to let it go lightly.
How to Avoid GDPR Fines
Getting ready for GDPR involves many different departments in the organization working to ensure that the personal data of consumers is stored and processed in a responsible way. For the marketing department, this means ensuring that consent to share details is explicit, that customer profiling isn’t too invasive and that privacy policies are reviewed (amongst much more).
From an IT perspective, things start to get a bit more complex. Most organizations will find themselves needing to employ a Data Protection Officer (or at least appoint someone with this responsibility from within the organization). Most of the IT-related sections of GDPR can be met with a stringent and proactive auditing strategy. Unfortunately, native auditing simply isn’t cut out for this task, as it is both noisy and time consuming. If you really want to ensure that you are GDPR compliant, you’re going to have to implement a third-party solution, or a combination of solutions.
How LepideAuditor Helps Meet GDPR
Many of the Chapters and Articles in the GDPR relate to how IT teams handle data. For example, Chapter II – Article 5 is named “Principles Relating to Personal Data Processing”. You can meet this compliance demand by being able to prove that personal data is secure, processed lawfully and protected against accidental deletion. LepideAuditor, our auditing and monitoring solution, audits access made to files/folders containing personal data, tracks both current and historic permissions, and also allows you to reverse unwanted changes (effectively enabling you to protect against accidental deletion).
There are numerous other ways LepideAuditor deals with GDPR, but we don’t expect you to read through all of the chapters (it doesn’t make for very interesting reading…). Fortunately, we made our internal GDPR expert do just that, and combine the information into one web page. So if you want to see in more detail how LepideAuditor helps meet GDPR compliance, just visit our site today!