Posted: March 20th, 2017 3:03pm +00:00

General Data Protection Regulation (GDPR) – what it could mean for the Risk Management professional

Organisations such as Sony, Yahoo and Sports Direct can attest to the reputational damage that results due to data security failures. The knock on effect of these failures is even greater for the private citizen whose personal information is now  potentially available for fraudulent use. The GDPR is rightly aimed at reducing the likelihood of such events.

 

There have been many articles written on the subject of data protection over the last few years as the EU moved inexorably towards completing the regulatory framework. Organisations that will be impacted by this regulation, by virtue of their use of personal data, now have until May 2018 to put their houses in order.

 

The GDPR recommends taking a “risk-based” approach to data protection which capitalises upon many of the best practices that are already in existence concerning data security. It also aligns this essential regulatory framework to existing risk management strategies. The regulation does this by encouraging organisations to put in place measures that correspond with the level of data processing that they undertake. High risk, medium risk and low risk classifications are used based upon the likelihood and severity of the impact of an event.

 

Failure to comply with the GDPR can result in significant penalties, 4% of annual turnover or £20M whichever is higher. The fact that the UK will not be in the EU in the next 2 – 5 years doesn’t mean that UK business don’t need to comply. If your organisation holds, processes or has access to EU citizen data then compliance is required.

 

So how does this affect the risk professional?

 

No one generally denies that risk management is a good idea but when it comes down to it, some stakeholders are reluctant to participate. Similarly, management, although appreciative of the benefits of robust risk management often relegate it further down the corporate agenda than perhaps they ought.

 

The GDPR provides the modern risk practitioner with a vehicle to leverage the need for greater enterprise risk management. To move it from a perceived “nice to have”, to something far more tangible and strategic. In addition, the skillset mastered by the Risk Manager is also ideally suited to the collaborative working that will need to be in place if compliance with the GDPR is to be achieved. So this is an opportunity! Drive forward risk management, get the business to re-engage and demonstrate the value to be accrued from taking it seriously.

News you might like
Recycle week 23-29 September

For many people, the environmental impact of the use of plastic was only made significantly apparent as a result of…

Read more
CORE admin training – Session 2

Thursday, 17 October 2019: 10 am – 11 am   CORE Register Settings – Preferences, general, record display options, control…

Read more
CORE admin training – Session 1

Thursday, 10 October 2019: 10 am – 11 am Back to Basics – Logon, forgotten password, change your password, logging…

Read more

JCAD will subscribe you to our newsletter . Please see our updated privacy policy for more information regarding the use of your data. You can unsubscribe whenever you like through the preferences option on the newsletter.