What is GDPR
The European Union (EU) General Data Protection Regulation (GDPR) was approved by the EU Parliament on 14 April 2016 and enters into full force for all EU member states on 25 May 2018. The GDPR replaces the current Data Protection Directive 95/46/EC and sets the rules for the protection and processing of personal data, as well as protecting the rights and freedoms of natural persons and their right to the protection of personal data within the EU.
Who Does GDPR Apply To?
GDPR applies to organizations located within the EU, and to organizations located outside the EU if they offer goods or services to, or process information pertaining to, EU organizations and citizens. It applies to all companies processing and holding the personal data of people residing in the EU, regardless of the company's location.
Largest Operational Impacts of GDPR
Territorial Scope: GDPR does not only impact organizations located within the EU. It impacts any organization globally that processes the data of an EU resident.
Data Protection Officer: The Data Protection Officer must be skilled in handling information privacy and be readily involved in, and available to address, matters concerning the security and privacy of data.
Consent and Necessity: The individual whose data is being collected must have given consent to the collection of their data, and the collection must be necessary for business, legal or contractual reasons.
Impact Assessments: Data processors are required to conduct impact assessments on their systems that will process regulated data.
Data Protection: Backing up and encrypting regulated data are requirements under GDPR. Measures must be taken to protect the confidentiality, integrity and availability of the information, and organizations must ensure that they regularly monitor and assess their security measures for effectiveness.
Vendor Management: The data controller is responsible for selecting and managing its chosen data processors. Impact assessments and vendor risk management practices are both required under GDPR.
Increased Penalties: Organizations can be fined up to 20,000,000 Euros or 4% of gross annual turnover, whichever is higher, for infringing the regulation.
SubRosa Cyber Solutions and GDPR
SubRosa Cyber Solutions offers a three-tier process for assessing your organization and guiding it through the process of achieving GDPR compliance, enabling SubRosa Cyber Solutions to accurately determine the steps that need to be taken in order to achieve compliance.