CIOs Need To Adopt A Proactive Privacy-By-Design Approach

From a perspective of a business and its CIO, what exactly does GDPR compliance entail?

The General Data Protection Regulation (GDPR) is a revolutionary change as far as data protection is concerned. To my mind this is a de-facto gold standard globally and is one of the most advanced and strictest data protection regulations It has two fold objectives, one is that of accountability, where organizations are required to be more accountable by complying with GDPR and secondly enforcement – ensuring the member states rigorously enforce GDPR, else any non-compliance to GDPR will cost the business a penalty of up to €20 million or 4% of annual turnover. This is surely a heavy cost to pay, besides the impact on the stock value, loss of customer trust and erosion of brand value. Hence, the key focus of a CIO is to ensure compliance.

Now, to address as to what GDPR compliance entails, As per European Union General Data Protection Regulation, GDPR is a regulation that applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. This definition encompasses personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people. GDPR not only applies to organizations located within European Union but also organizations outside the European Union who offer services/goods to/or monitor the behavior of EU data subjects.

How is GDPR implemented and enforced? What are the facets of information exchange that fall under GDPR umbrella?