The General Data Protection Regulation (GDPR) is a regulation intended to strengthen data protection for all individuals in the European Union. Even if your organization is based elsewhere, if it has operations within the EU it is also subject to the regulation's requirements. It can be viewed as a strong response to the numerous recent cases of personal data being mishandled, and that's not necessarily a bad thing!
What Are Some of the Rules?
While a more comprehensive list is found on EUGDPR.org, here are a few of the critical changes GDPR brings to the management of personal data:
- Consent – must be explicit for data collected and the purposes for use
- Right to Access – can your customers freely access the personal data you have on them? Can they see how the data is being used?
- Right to be forgotten – subjects have the right to request erasure of their personal data
- Data portability – subjects must be able to transfer their personal data from one electronic processing system to another
- Data protection by default – privacy settings must be set at a high level by default
Why Should I Care?
In one word: sanctions. Non-intentional non-compliance may result in written warnings, but more serious breaches of regulations can mean fines up to 4% of annual revenue, or 20,000,000 EUR, whichever is greater. This includes breaches like the transfer of personal data to a recipient in a third country, or violations of the basic principles of the regulation for data processing and conditions for consent.
When Does it Take Effect?
The GDPR was adopted April 27, 2016 and becomes enforceable May 25, 2018.
What Can I do About it?
Step 1 is to read the bill, but your compliance groups have probably already done that, and they are likely concerned. Thankfully, Magenium has packaged up a GDPR Workshop to help elevate your GDPR maturity.
By taking part in our workshop, together we will:
- Identify GDPR compliance gaps
- Identify potential data security and compliance challenges
- Understand GDPR compliance objectives
- Assess GDPR maturity level
- Create a GDPR compliance roadmap
Engagement kickoff: Kick-off meeting to introduce team members and brief the team on upcoming activities. Confirm meeting schedules and locations.
GDPR Detailed Assessment: Complete discussion of the questions contained within the Microsoft GDPR Detailed Assessment.
Outcome Analysis and Write-Up: Analyze and document the results of the assessment, and prepare the close-out presentation.
Close-out Presentation: Present the findings from the assessment to your teams, define next steps, and where possible lay out a roadmap towards GDPR compliance.
Ready to get started? Contact us below.