This is the first article in a series adapted from the AIIM eBook titled Minimize Business Risk, which focuses on five key areas in which Information Professionals and business leaders can teach employees about the importance of IG and align the organization to support your IG initiatives, policies, and practices.

Do your executives know what the GDPR is and how it impacts your business?

The General Data Protection Regulation (GDPR), passed in 2016 by the European Union (EU), became enforceable in May 2018. The main focus of this regulation is on how Personally Identifiable Information (PII) is managed and protected, who is responsible for it, and how and when it is to be destroyed.

One of the concerning things we learned is that many companies feel the GDPR is not something they need to be concerned with because they are not headquartered in the EU. This could not be more untrue. If a business operates in the EU, it is in fact held accountable to comply with the GDPR, the same as a financial business from Europe operating in the United States would be held accountable to comply with U.S. regulations. This means your information governance framework must address the GDPR requirements. In order to do so, there are a few things you need to ask:

  • Are there mandatory requirements that need to be addressed immediately?
  • What are the requirements and how can I be sure my company and I understand them and work to meet them properly?
  • What steps should we take now to prepare for and maintain compliance?

“Twenty-one percent of businesses polled feel their executives have little awareness (13%) to no idea (8%) of what the GDPR is, indicating for these businesses, it will be a struggle over the next several months, should they decide to take action.”

The most effective approach to keep up to date is one that is proactive and forward thinking rather than reactive and short sighted.

Are there mandatory requirements that need to be addressed immediately?

GDPR states the need for a Data Protection Officer (DPO), so one of the first things you can do is define the qualifications for the role and then hire a DPO or assign one from your existing staff.

What are the requirements and how can I be sure my company and I understand them and work to meet them properly?

Read the GDPR to better understand its requirements. It’s best that this be done by and with corporate legal counsel.

What steps should we take now to prepare for and maintain compliance?

Formulate a framework based on the guidelines and use this to develop your policies and processes. Then educate your employees on the new procedures and how to follow them.

Closing Thoughts

While it may seem a daunting effort to keep up-to-date with all of the latest legal and regulatory guidelines, it is essential for your business that you do so. In the case of the GDPR, fines can run up to four percent of annual revenue for non-compliance. So why take the risk?

There are many resources available to help if you do not have the expertise in-house. There are consultants, contractors, and, even closer than you may think, your solution providers. These are folks who work with their customers every day to ensure their business needs and requirements are met, and who have been involved in many operations worldwide. Seek their advice as well. You can also download the latest eBook on this topic, titled “Minimize Business Risk – Top 5 Information Governance Obstacles You Must Tackle Now,” to get some great insight on steps you can take today.

By Bob Larrivee, Vice President and Chief Analyst of Market Intelligence, AIIM
Produced in Partnership with Canon Business Process Services
Available for download with permission.