Have you heard about the “GDPR” and what it means for IT?
The National Convergence Technology Center (CTC) hosts quarterly web meetings of its Business and Industry Leadership Team (BILT) to keep educators connected with current state of the IT workplace. To that end, faculty and administrators from the 64 schools in the National CTC’s “Convergence College Network” (CCN) are always invited to the web meetings. One of the most popular features of those web meetings is a discussion that explores the question “Where is IT going next?” Educators can’t keep curriculum current in an industry that changes as fast as IT does unless they understand future trends.
At a recent BILT meeting, the business experts discussed the European Union’s General Data Protection Regulation (GDPR). It’s a little-known law that will likely have a big impact on IT departments in companies around the world. The EU passed the law in 2016 and allowed EU companies a two-year grace period to become complaint. That period ends in May 2018, at which point the law will be enforced. The GDPR offers a sweeping reform of privacy, specifically the way companies must manage and protect “personally identifiable information” (PII). Some of the provisions of the GDPR include mandatory security breach notifications; the right for individuals to access their data owned by companies; the right of individuals to have their data erased; and the creation of a new job title at companies: the Data Protection Officer. Penalties for non-compliance will be stiff. Companies that don’t follow GDPR could be charged a fine of 4% of their revenue or 20 million Euros, whichever is greater. These laws apply not just to companies based in the EU, but also to any company that does business with the EU.
For that reason, the GDPR has potential impact in countries all over the world. Imagine a German citizen going to a hospital in Idaho. That citizen is covered by the GDPR and the Idaho hospital will need to comply as well if the patient wanted his records erased or given to him in full for his return back to Germany. It’s therefore possible that the GDPR rules become standardized all over the world. Just as business and industry need to start preparing for GDPR, educators should also be aware of the GDPR provisions and the way it might impact IT students and the companies where they’ll soon be employed. The implementation and compliance of GDPR will fall to IT departments (cloud networks are not exempt from GDPR).
A recent Information Age article about GDPR preparedness suggests that companies in the EU are not ready. Here are some highlights:
- 6% of businesses say they are prepared
- 98% believe that data protection is important, but 46% don’t have data protection policies
- 63% either don’t have the budget for data protection or don’t know if they have a budget for it
- 34% have put their IT departments solely in charge of data protection (57% will share the responsibility across the entire organization)
To learn more about GDPR and its impact in the U.S., read these articles form PCMag and Forbes.