General Data Protection Regulation (GDPR) Compliance
The General Data Protection Regulation (GDPR) is a European Union law, but its reach extends well beyond the EU. Any business that collects or processes the personal data of individuals in the EU must achieve GDPR compliance by the deadline, May 25th, 2018.
GDPR requires organizations to protect the personal data and privacy of individuals in the EU, whether the organization itself is established in a member state or not. Non-compliance can cost companies dearly: administrative fines can reach 20 million euros or 4 percent of worldwide annual turnover, whichever is higher. Here is what every company that does business in Europe needs to know about GDPR.
Understanding why GDPR is important
The European Union (EU) General Data Protection Regulation (GDPR) has the potential to profoundly impact businesses across a multitude of industries, including finance, retail, healthcare, pharmaceuticals, and communications, and any other sector whose organizations hold the personal data of individuals in the EU. GDPR (Regulation (EU) 2016/679) was adopted by the European Parliament and the Council of the European Union in April 2016 with the goal of strengthening and unifying data protection across the EU, replacing the 1995 Data Protection Directive. It applies to personal data processing carried out by organizations established in the EU, and organizations located outside the EU that host or process the personal data of individuals in the EU must still comply when they offer goods or services to those individuals or monitor their behaviour.
Does GDPR apply to your organization?
Any company that stores or processes personal data about individuals in the EU must comply with the GDPR, even if it has no business presence within the EU.
The GDPR applies to a company if it meets either of these criteria:
- It has a presence in an EU country.
- It has no presence in the EU, but it processes the personal data of individuals in the EU in connection with offering them goods or services or monitoring their behaviour.
Note that the 250-employee threshold often quoted in connection with GDPR is not a test of whether the regulation applies. It governs only the exemption from keeping formal records of processing activities (Article 30): an organization with fewer than 250 employees must still keep those records if its processing is likely to result in a risk to the rights and freedoms of data subjects, is not occasional, or includes special categories of data. In practice, that means almost all companies. One survey found that 92 percent of U.S. companies consider GDPR a top data protection priority.
GDPR, Identity & Cybersecurity
- What are the privacy and security requirements for being GDPR compliant?
- Why should we think beyond GDPR when it comes to improving data security?
- Are you compliant and ready for when GDPR goes into effect next month?
- What are some last-minute items to complete before the GDPR deadline?
Our program offered a guided tour of the GDPR:
- Key concepts, scope of application of the GDPR
- GDPR Individual rights provisions
- GDPR Core principles
- GDPR Data security
- GDPR Data transfers
- GDPR Compliance in practice: accountability
- GDPR Implications for data protection authorities and the European one-stop-shop mechanism
- Information Security Compliance
- Compliance Testing: we conduct compliance tests to identify the gaps and vulnerabilities in your current personal data infrastructure and provide recommendations for improvement to bring you into alignment with the GDPR. This service positions your organization to better protect personal data and to have effective operational procedures for handling it safely.
- Incident Response Management: we review, revise, and refine your incident response policy, plan, processes, and procedures to ensure they align with the GDPR articles, in particular the breach notification duties of Article 33 (notifying the supervisory authority within 72 hours of becoming aware of a breach, where feasible) and Article 34 (communicating high-risk breaches to the affected data subjects without undue delay). We enhance your incident response capabilities so that you can better identify, protect, detect, and respond to potential and actual personal data incidents. Organizations that have used this service have become more proactive and better prepared to handle privacy breaches or legal disputes.
- Data Lifecycle Management: we work with your organization to develop viable mechanisms for identifying and managing new personal data being processed and used. We help you develop strategies to determine appropriate data storage, security, handling, and transmission, consistent with the GDPR principles of data minimisation and storage limitation. We work with you to develop checkpoints and controls to ensure ongoing GDPR compliance, reducing data security risk across the whole data lifecycle.
- Data Privacy Assessment and Management: we analyze your organization's data privacy management program, conduct a privacy impact assessment (called a Data Protection Impact Assessment, or DPIA, in Article 35 of the GDPR), and develop a strategy for implementing privacy controls that meet GDPR requirements. After working with us, your organization will be in a better position to secure and manage personal data against potential risks. Privacy by design and by default (Article 25) must be incorporated into your data privacy management program and must serve as an anchor for achieving and maintaining compliance. Organizations that have used this service have been able to:
- reduce the privacy risks of data management,
- reduce the chance that the organization or its staff or customers will suffer financial or reputational harm, and
- achieve competitive advantage by demonstrating the importance the organization places on protecting personal data, thereby earning trust.