In preparation for the upcoming GDPR regulation, the ICO have commissioned a media campaign to provide valuable information to consumers on what it means for them.
Although the details of the campaign are still being ironed out, we know that it will be run in April under the banner “Your Data Matters,” will have a logo, strapline and aim to visually tell a story of data protection. The aim of the campaign is to educate the general public on what the goals of the GDPR are and what rights the general public have over their data. The ICO have stated that the campaign will aim to increase the public’s “trust and confidence” in how organizations use their data.
The ICO justified the need for the campaign after research in 2017 found that only 20% of the public are confident that organizations store and handle their data in trustworthy ways. Even more worrying is that a measly 8% of respondents believe that know how their data is being made available to others.
One impact of this campaign could be that once awareness is raised as to the rights people have over their data, organizations could see a significant rise in the number of people who choose to exercise their right to be forgotten.
The Right to be Forgotten
Also known as “The Right to Erasure”, this principle states that anyone can request that an organization delete their personal data if there are no convincing reasons to keep it. A lot of emphasis is being placed on consent as one of the main reasons why organizations can store data. Consent has to be explicit when given, but now the public will be aware that it can also be withdrawn. There are many other conditions that could lead to how this right is triggered. If you want more information on how the “Right to Erasure” works, check out our earlier article.
How to Get Ready for GDPR
With the number of people expected to exercise their rights under the GDPR set to increase, it’s important that organizations ensure they are compliant with the new mandate. The general public should be confident that organizations are handling their data in a secure and responsible way if they do consent to having it stored.
There’s no “one size fits all” solution that will enable you to meet all the requirements of GDPR. In order to do this, you’re going to have to shop around and create an environment of complementary software.
One solution that you will certainly want to take a look at is LepideAuditor. This auditing and monitoring software comes pre-packaged with reports that are designed to meet some of the data handling and processing related chapters and articles.
For example, in Chapter II, there are numerous Articles related to the processing of personal data. LepideAuditor enables you to audit accesses made to critical files and folders containing personal data and track user permissions. The solution also reports on Historical Permissions in Active Directory, File Server and Exchange Server as well as current effective permissions of users on shared files/folders in the File Server. Alerts on critical changes related to personal data can be delivered in real time and, if you detect a change that is unauthorized or unwanted, you can restore the environment back to its original state.
For more information on how LepideAuditor helps prepare for GDPR, visit our website and start your free trial of the solution today.