In May, the EU implemented GDPR – a new regulation that governs the privacy of EU citizens’ information.
“One of the biggest mistakes that South African businesses make is believing GDPR is not relevant to them,” said Brett Skinner, regional manager of Micro Focus.
He added that even if your business is not situated in the EU, if you have European customers, you need to implement GDPR.
Benefits to customers
According to Micro Focus pre-sales specialist Stephen James Smith, GDPR provides notable benefits to customers.
“Given the number of news articles about identity theft, data breaches, and fraud, customers are right to be concerned about what companies do with their private and confidential information,” said Smith.
“GDPR is intended to make this data more secure and also help the customer in their right to be forgotten.”
This doesn’t just apply to new data, according to EMEA head of business development at Micro Focus, Filipe Pinto Ribeiro.
“You need to explain the purpose of the personal information you are gathering,” he said. “And in many cases you need to get consent to gather, keep and use personal data.”
He emphasized that consent must be explicit, highlighting that this is one of the major changes from the previous privacy laws.
What happens if you don’t implement GDPR
If businesses fail to implement GDPR when required, they could face fines of up to 4% of their annual revenue. However, Ribeiro highlights that reputation damage can be much worse than this fine.
“A good example is Sony. PlayStation platform was hacked back in 2011 and 47k user identities were stolen. No harm was done – it was just a bunch of students that wanted to prove they could hack into Sony. Sony lost 30% of their market cap that week.”
There are a few common areas where South African businesses struggle to implement GDPR efficiently.
“One of the biggest mistakes businesses make regarding GDPR is thinking that all data is created equal and needs the same treatment,” said Smith. “GDPR does not mean that strong encryption and other security measures need to be applied to the whole data landscape.”
“Also, thinking of GDPR as a once-off tick box exercise is a mistake many businesses make. GDPR requires ongoing discipline and commitment to compliance adherence.”
How Micro Focus can help
Smith said that Micro Focus is well-equipped to help its clients implement GDPR.
“Micro Focus solutions cover the Data Security, Information Management and Governance and Operations Security arenas,” said Smith.
“We can begin by helping the customer understand GDPR and its requirements, then understand what their readiness is in terms of GDPR compliance and help them work out and implement a roadmap to compliance achievement.”
Learn more about GDPR here: https://www.gdprbeyond.com.