
Press release Box-ID: 850724

Gartner UK Ltd Tamesis, The Glanty Egham TW20 9 Surrey http://www.gartner.com
Contact Ms Melanie Bock +49 89 99837015

Gartner Says Organisations Are Unprepared for the 2018 European Data Protection Regulation

Analysts Identify Five High-Priority Actions for Data Controllers and Processors Inside and Outside of the European Union

(PresseBox) (STAMFORD, Conn.)
The European General Data Protection Regulation (GDPR) will have a global impact when it goes into effect on 25th May, 2018, according to Gartner, Inc. Gartner predicts that by the end of 2018, more than 50 per cent of companies affected by the GDPR will not be in full compliance with its requirements.

"The GDPR will affect not only EU-based organisations, but many data controllers and processors outside the EU as well," said Bart Willemsen, research director at Gartner. "Threats of hefty fines, as well as the increasingly empowered position of individual data subjects, tilt the business case for compliance and should cause decision makers to re-evaluate measures to safely process personal data."

The GDPR replaces the Data Protection Directive 95/46/EC and is designed to support the single market, to harmonise data privacy laws across Europe, to protect and empower European Union (EU) citizens' data privacy, and to reshape the way organisations approach data privacy for EU citizens wherever they work in the world.

Gartner recommends organisations act now to ensure they are in compliance when the regulation goes into effect. They should focus on five high-priority changes to help them to get up to speed with GDPR requirements.

1. Determine Your Role Under the GDPR

Any organisation that decides on why and how personal data is processed is essentially a "data controller." The GDPR therefore applies not only to businesses in the European Union, but also to all organisations outside the EU that process personal data for the offering of goods and services to the EU, or that monitor the behaviour of data subjects within the EU. These organisations should appoint a representative to act as a contact point for the data protection authority (DPA) and data subjects.

2. Appoint a Data Protection Officer

Many organisations are required to appoint a data protection officer (DPO). This is especially important when the organisation is a public body, has processing operations requiring regular and systematic monitoring, or has large-scale processing activities. "Large scale" does not necessarily mean hundreds of thousands of data subjects.

3. Demonstrate Accountability in All Processing Activities

Very few organisations have identified every single process where personal data is involved. Going forward, purpose limitation, data quality and data relevance should be decided on when starting a new processing activity as this will help to maintain compliance in future personal data processing activities. Organisations must demonstrate an accountable ground posture and transparency in all decisions regarding personal data processing activities. Outside parties must also comply with relevant requirements that can impact supply, change management and procurement processes. It is important to note that accountability under the GDPR requires proper data subject consent acquisition and registration. Prechecked boxes and implied consent will be largely in the past. A clear and express action is needed that will require organisations to implement streamlined techniques to obtain and document consent and consent withdrawal.

4. Check Cross-Border Data Flows

Data transfers to any of the 28 EU member states* are still allowed, as well as to Norway, Liechtenstein and Iceland. Transfers to any of the other 11 countries** the European Commission (EC) deemed to have an "adequate" level of protection are also still possible. Outside of these areas, appropriate safeguards such as Binding Corporate Rules (BCRs) and standard contractual clauses (i.e., EU "Model Contracts") should be used. EU-based data controllers should pay specific attention to new mechanisms under the GDPR when selecting or evaluating data processors outside the EU and ensure appropriate controls are in place. Outside of the EU, organisations processing personal data on EU residents should select the appropriate mechanism to ensure compliance with the GDPR.

5. Prepare for Data Subjects Exercising Their Rights

Data subjects have extended rights under the GDPR. These include the right to be forgotten, to data portability and to be informed (e.g., in case of a data breach). If a business is not yet prepared to adequately handle data breach incidents and subjects exercising their rights, now is the time to start implementing additional controls.

Gartner UK Ltd

Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior information technology (IT) leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to supply chain professionals, digital marketing professionals and technology investors, Gartner is the valuable partner to clients in more than 11,000 distinct enterprises. Gartner works with clients to research, analyze and interpret the business of IT within the context of their individual roles. Gartner is headquartered in Stamford, Connecticut, U.S.A., and has almost 9,000 associates, including 1,900 research analysts and consultants, operating in more than 90 countries. For more information, visit www.gartner.com.

The publisher indicated in each case is solely responsible for the press releases above, the event or job offer displayed, and the image and sound material used (see company info when clicking on image/message title or company info right column). As a rule, the publisher is also the author of the press releases and the attached image, sound and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.
Important note:

Systematic data storage as well as the use of even parts of this database are only permitted with the written consent of unn | UNITED NEWS NETWORK GmbH.

unn | UNITED NEWS NETWORK GmbH 2002–2022, All rights reserved
