Time Is Closing in for GDPR

The General Data Protection Regulation (or GDPR) is due to come into effect on May 25th 2018, which means there isn’t a huge amount of time left to become compliant. For many businesses this new set of regulations requires significant operational changes to ensure they meet the new legislation in time. Failure to comply carries substantial financial penalties of €20m or 4% of global annual turnover (whichever is greater), so it’s vital to take action.


At Scrivito, we’ve already started implementing the internal processes for our customers in the EU. Scrivito runs on the world-class infrastructure of Amazon Web Services (AWS). Your data is safe and secure – for high availability and data durability, your data is stored in at least three geographically distributed data centers. Both Amazon and Netlify (our hosting partner) will be fully compliant by the launch, so there is one less headache if your website is already powered by Scrivito. 

Actions businesses need to take to become compliant

It doesn’t matter where in the world your business is based: if you serve customers in the EU, you must take note. Below we’ve put together the key steps that are essential to ensuring compliance.

Fully audit and map your data flows

This essentially means you need to be aware of where data is coming in, where it’s stored and how it’s processed. Once you’ve established this, you can start your journey to becoming compliant.

Check with your third party providers

It’s vital you ensure the suppliers you work with are fully compliant, or are in the process of making the necessary changes to meet the obligations set by the GDPR. This covers everywhere that data from your customers may flow through or be stored.

Define a clear data access procedure

Under the GDPR, everyone has the right to request all of the personal data you store on them, and it needs to be delivered back to them promptly. You’ll need to define a clear process for customers to request this and ensure you can handle these requests internally.

Get ready to report a breach

If the worst happens and a breach is discovered, the GDPR sets a 72-hour deadline for reporting it to the relevant organization. To meet such a deadline, it’s essential that the right internal reporting is set up, and cultural changes may even need to be made so employees feel comfortable reporting breaches.

Ensure excellent communication

Europe has a strong belief that privacy is a human right. We’d recommend you keep your customers informed about the changes you’ve made to ensure the safety of their data.

Again, we at Scrivito are prepared. We’ll keep you informed!