The GDPR is coming into force in a mere 100 days. While that may seem like a long time away, 25th May is fast approaching, and it’s imperative that businesses impacted by the EU regulation are putting plans into place to ensure they meet the deadline. Non-compliance carries severe penalties of up to €20m or 4% of global annual turnover – whichever is greater.

The world’s most valuable resource is no longer oil, but data. In today’s digitally transformed and connected world, data is produced in vast streams daily, at a mind-boggling volume and pace. A global ‘rush’ is now on to tap data flows and extract value. Not surprisingly, a heightened focus on data security and customer privacy has followed.

With only 100 days to prepare, here are some key areas that organisations should be considering:

Privacy and data protection: More than just security – Focusing on security without privacy would be like having a house made of bullet-proof, transparent glass. No one will get inside, but an individual’s personal life is still on display to all. In the modern era of user-centred e-commerce and connected business, security of data and systems as well as wider customer data privacy must be managed holistically.

Proactive proof of compliance – The ‘but we’ve always done it that way’ excuse will not cut it under GDPR. Organisations will need to establish and maintain evidence logs in readiness to submit to regulators in the event that a complaint is made against them, and prepare for future evidence that may be required going forward.

Be aware of biometric data – Under the GDPR, biometric data will be classified as ‘special category data’ meaning privacy, identity and security will be critical to the next generation of data-driven businesses. Where biometric data is to be collected, careful consideration must be given to the implications of a data breach where the very essence of an individual, their uniquely personal identifiers, are lost or in some way compromised.

Gartner has predicted over 50% of companies affected by GDPR will not be fully compliant by the end of 2018, but the very specific technology and data management skills needed to define and manage the implementation within a business may prove that statistic to be too optimistic. The technical challenges are enormous, even for relatively small organisations. Just knowing where a company’s data is located, backed up, viewed and accessed globally – not just by the organisation itself, but by its suppliers too – is a huge and complex exercise in itself. Even with a project of this size, however, there are quick wins which can be achieved along the way.