The new GDPR, General Data Protection Regulation, will impose more rigorous standards on the handling of personal data, and may often entail major changes for companies in terms of IT systems.
Companies must promptly begin reviewing what personal data they process and cataloguing their systems in order to define what measures need to be taken. On a broad level, this may involve taking outdated systems out of operation, and establishing and implementing processes. The regulation within EU, which is adapted to today’s connected society, entails more and stricter rules than under the Swedish Personal Data Act. There will be more severe sanctions for violations than before, which may result in fines of up to EUR 20 million or 4 percent of global revenues.
Cybercom is helping its clients to gain clarity as to their current status and what must be done to achieve compliance before the regulation comes into effect in May 2018. Our information security consultants are collaborating with legal experts under an established process in order to assure clients’ systems based on the framework of the new regulation. Cybercom’s Compliance Portal enables companies to swiftly begin the important task of cataloguing their processes and IT systems that manage personal data.
Göran Dahlberg is the Head of Cybercom Secure Services. “We are in the process of cataloguing our own systems at Cybercom and helping numerous clients. It is important not to panic ahead of these efforts, despite being on a relatively tight timeline. It is a matter of pursuing long-term legal compliance and taking the right course of action from the beginning.”