SMEs and privacy: watch out for the new Data Protection Regulation

From June 2018, the new General Data Protection Regulation wanted by the European Union comes into force. Here's what it implies for companies

It still seems like a very distant date, but it's better to move in time rather than being found unprepared and reduced to acting at the last second. In June 2018 (May 25, 2018, to be precise) the new General Data Protection Regulation of the European Commission will come into force.

The new rules, in fact, require companies to reorganize their internal policy for the management of both their employees' and users' or customers' data. The GDPR (General Data Protection Regulation) aims to strengthen the protection of privacy within the borders of the European Union, so as to give citizens full control of their personal data and unify the regulatory environment of the Old Continent. For Italian companies, in particular SMEs, the process is going to be quite heavy: the risk is to be found unprepared and be forced to pay heavy fines in case of data loss. On the portal of the Garante della Privacy, there is a guide that explains in detail how the GDPR works.

Sophos' suggestions for complying with the requirements of the General Data Protection Regulation

On the occasion of Data Privacy Day 2017, Sophos, a leading company in the IT security and data protection sector, provides companies with some suggestions for dealing with the next eighteen months in the best possible way and not being found unprepared for the appointment. First and foremost, don't patronize the problem: GDPR implementation will require the utmost commitment from both top management and employees. For this reason, it will be necessary to work hand-in-hand with HR to ensure that employees understand the measures in place to protect their personal data. When dealing with users, however, you need to pay particular attention to the information you collect: leveraging encryption to protect data stored on servers could be a solution that secures both the client-user and the firm. Finally, you need to be able to leverage the work you've done in the area of privacy protection: inform users of your actions and make them aware of your processes.