The regulation was certainly the subject of the year! GDPR profoundly changed the way enterprises treated data, including enterprises of the CAC 40 (the French stock market index) as well as SMEs. Overall, we can see that the enterprises began making several changes to adjust to GDPR:
It is now required to declare any personal data violations that may cause risk to individuals within 72 hours to the CNIL. Upon receipt, the CNIL will investigate the alert and may close your file or require you to inform the individuals concerned in accordance with certain criteria.
Visit https://www.cnil.fr/en/rights-and-obligations for more information.
The implementation of Data Protection Governance
Few enterprises had true governance around data protection before GDPR; they were entrusted to the legal department or company data protection agents. But ever since the regulation, as per the latest IAPP-EY annual report, over 50% of enterprises have set up an organization dedicated to data protection. According to the CNIL, they have more than 15,000 Data Protection Officers (DPOs) compared to 5,000 company data protection agents before GDPR.
Updating privacy policies
The majority of enterprises also had to proceed with revising their privacy policies and legal notices. However, they also had to update their supplier or partner contracts with new data protection clauses. The tidal wave of mail in our mailboxes all around May 25th was certainly proof of GDPR’s importance!
Finally, maybe you’ve noticed that within your enterprise, raising awareness on data protection between collaborators has become important, whether they are e-learning modules, training courses, or various internal communications.
To protect themselves from huge fines (up to 4% of revenue or €20 million) enterprises are going to have to continue adapting to GDPR. The data authorities, like the CNIL, were very lenient in 2018 and thus are more strict in 2019. It is also imperative that enterprises acclimatize to regulations, both in Europe and The United States.
GDPR itself is a 2019 trend; it will soon be considered a global standard. For example, U.S. Senator Ron Wyden of Oregon recently introduced the Consumer Data Privacy Act. Countries like Japan, South Korea, and Tunisia have also adopted regulations similar to GDPR. Mick Levy, Business Innovation Director at Business & Decision said, “Data is an enterprise’s asset, like its human capital or its means of production. We must give ourselves the means to exploit and protect it.” (orange-business.com)
How to implement data governance while adapting to GDPR?
As mentioned above, good data governance is nowadays obligatory to properly organize, search, retrieve, and protect data. Zeenea offers you a data catalog that is capable of centralizing your enterprise’s data knowledge in one intuitive platform to help you become a data-driven enterprise and to construct data governance in an agile and lean start-up mode.
For more information or to request a demo: https://zeenea.com/fr/contact/