Think the GDPR is like Y2K? Think again!

GDPR fine

The 25th of May 2018 has come and gone and most people are asking, “what about all the massive fines we were expecting to hear about?” or, “the GDPR was just another Y2K, there was a lot of hype but we’ve yet to hear of any enforcements, planes didn’t fall out of the sky” etc.

Be warned, just because we haven’t heard of enforcements and fines yet, doesn’t mean they aren’t coming.  An interesting article reported by the IAPP, based on feedback from Data Protection Authorities (DPAs) and rights groups, states that complaints and breaches reported to the DPAs/Supervisor Authorities have to go through a process which can take months before an enforcement is issued, with some DPAs stating they could take a minimum of six months from when the event is reported to when the fine or enforcement is issued. [see full article here].

In July, the Irish Data Protection Commission reported a significant increase in the number of data breach notifications they received since the GDPR came into effect [see here].   This isn’t surprising, given that the Accountability framework in the GDPR requires data controllers to report data breaches to the DPC within 72 hours of becoming aware of them.  Once received, the DPAs have to investigate and respond to each one.

So in applying the minimum six month wait time to these, the earliest we should be expecting to get news of fines and other enforcements such as an order to cease all processing, would be Dec 2018 timeframe.

Ensuring we can demonstrate compliant processes and put appropriate safeguards and technical measures in place to protect us from the most common data breaches reported by the DPAs, such as sending data to the wrong recipients, is the action we need to take if we haven’t already, because the GDPR is the law and unlike Y2K it isn’t going away.

To find out how Wizuda can help you avoid some of the most common data breaches – see here.

the challenge - wizuda case studies

The board of a multinational medical device organisation required a secure, cloud-based solution which facilitated virtual board member collaboration on key documents in preparation for monthly board meetings.

The documentation was regularly of a highly commercially sensitive nature, largely relating to ongoing clinical trials, and as such demanded a secure and encrypted platform which could be implemented without the engagement of internal IT resources.

Key challenges that need to be  considered:

  • Geographically dispersed stakeholders
  • Highly commercially sensitive documentation
  • No internal IT involvement
  • Multiple stakeholders required to collaborate on
    single documents
the solution- wizuda case studies

Wizuda MFT gave them a centralised view of all their file transfer activities and a network overview of the data flows. IT now had instantly available reporting and could provide geographic maps and network overviews to senior management of all file transfer activities in the organisation. These could also be categorised in ways that made sense for the business from a priorities perspective. Wizuda’s unique ‘Health Check’ dashboard with automated monitoring and alerts, allowed them to manage all transfer operations proactively and ensured they were always on top of any issues.

From a GDPR compliance perspective, transfers could be linked to Data Protection Impact Assessments were required and data could be anonymised as part of the transfer process. Wizuda MFT enabled them to apply the latest security protocols for file transfers and encrypt data at rest and in transit. Passing cyber-security and GDPR compliance audits became a lot easier.

About Wizuda

Developing IT Solutions to Make Businesses Better

At Wizuda we focus on developing IT solutions which help businesses grow and empower people to collaborate and stay connected securely and compliantly. Specialists in secure data transfer since 2001, all development and support operations are carried out from our two Irish 

offices located in Dublin (Wizuda Headquarters) and Limerick. We pride ourselves in developing software solutions that allow organisations to take back control of their file transfer and data sharing operations, enabling them to operate efficiently, securely and compliantly

Quick Contact