A Practical Approach to the General Data Protection Regulation Compliance
The EU General Data Protection Regulation (GDPR) is the updated version of the EU Data Protection Directive; it came into action on May 15, 2016, and will come into effect on May 25, 2018. While it applies to all 28 European Union member states, it effectively applies globally, since many service organizations store and/or process the personal data of EU citizens.
The new regulation emphasizes individuals' privacy rights when it comes to the protection of personal data. If your organization hosts or processes data that belongs to EU citizens, you will be subject to GDPR compliance, including significant obligations; your company could be fined up to €20,000,000 for a serious infringement.
What does it mean to your organization?
If you serve EU clients, you must comply with the General Data Protection Regulation. Specifically, prior to storing and/or processing the personal data, you must:
- Obtain a clear, written consent
- Obtain parental consent if the Data Subject is under 16 years of age
- Provide a copy of an individual’s personal data when requested
- Erase all personally identifiable records if and when requested
- Provide “adequate” data security and privacy controls
- Perform regular Privacy Impact Assessments
- Notify of a breach within 72 hours
- Appoint a Data Protection Officer (for large scale data processing)
- Identify Key Data Assets
- Perform Complete Risk Assessment
- Develop and Implement Policies & Procedures
- Deliver Data Security Awareness Training
- Monitor Progress and Respond Timely
We Can Help
We make it easy for your organization to understand the requirements and become compliant, using a practical, proprietary 4-step approach. Call us today to schedule a consultation and achieve compliance fast.
Copyright © 2017 Driz Group Inc. All Rights Reserved.