GDPR’s Far-Reaching Impact: Ripples From Across the Pond


As we head into the new year and plan our 2018 priorities, it’s probably a safe bet that almost every planning calendar has a circle around one date – May 25, 2018. If it’s not on your calendar, chances are it should be and here’s why. This deadline for GDPR compliance will impact any organization that handles European citizen data. And here’s the catch – that could be any of us. It’s not just data companies or retailers. It runs the width and breadth of all industries, regardless of location or size. If you do business with EU customers, you will need to comply with rules pertaining to how the privacy of their data is protected.

At the very least, getting up to speed on the fundamentals of GDPR is critical. Now is the time to learn exactly how GDPR will or will not affect your organization, and now is the time to start putting a compliance plan in place.

But where to begin? Any research around GDPR yields a vast avalanche of results. What makes the research process even more confusing is that the rules will impact various organizations in different ways, depending on the sensitivity of the data handled and how that data is used.

There are five key tenets of GDPR compliance:

  • Assigning a Data Protection Officer (DPO)
  • Data breach notification
  • Privacy-by-design and by-default
  • Extraterritorial compliance
  • Risk Management documentation

Understanding what each of these mandates mean for your specific business will take some groundwork. It will also likely involve engaging with partners outside of your organization including law firms, regulators, PR firms and cyberinsurance providers.

Fortunately, there are resources available to help you navigate this new terrain. Plan to invest some time and energy into learning about GDPR in the coming year. Look for courses and experts whose knowledge you can rely on to help you fill in the gaps and put together a solid plan. When regulators start enforcing the rules in 2018, our prediction is we’ll start seeing staggering fines dramatically impacting businesses around the world. Being proactive will pay large dividends in helping to keep your organization out of the fray.

CyberDefenses is an official International Association of Privacy Professionals (IAPP) training partner and has teamed up with Privacy Ref to deliver the GDPR Training Program in Boston, MA and Austin, TX. Sign up for the full four-day course or register for only a two-day segment. The course is designed for anyone who needs to know how to comply with GDPR regulations.  If you decide to go further and seek certifications, you’ll also be able to take exams for the IAPP CIPP/E and CIPM designations as well as seek to become a qualified Data Protection Officer.

About the author

Damon Fleury

Damon Fleury serves as the Chief Technology Officer of CyberDefenses, Inc. He is responsible for technology selection, research and development across the range of security services offered to CDI customers. Prior to CyberDefenses, Damon spent over two decades in engineering, product management and senior leadership roles, with a heavy focus on networking and cybersecurity. In addition to his work within CyberDefenses, Damon is also very active in the cybersecurity start-up community. As a Managing Partner within Manifest, Damon helps enable the cybersecurity community to support the growth and success of Austin-based security startups.