The General Data Protection Regulation (GDPR) is a European Union “EU”-wide framework to protect the personal data of EU citizens and residents. Also referred to as Regulation (EU) 2016/679, the final version was signed by the presidents of the European Parliament and of the Council of the European Union on of April 27th, 2016. Read the Final GDPR Regulation here.
GDPR contains 99 articles and 173 recitals and aims to give consumers control of their personal data as it is collected by companies. The regulation reaches beyond EU boundaries to any region of the world if an EU resident’s personal data is processed at an organization serving EU audiences (or with EU employees). GDPR is considered a revolutionary change to data protection laws and is expected to set new standards on how such data is protected by organizations. The regulation carries fines of up to €20 million or 4% of global turnover, upon failure to comply.
GDPR grants data subjects the right to request a copy of their personal data and a variety of other information such as the purpose of processing, categories of data that are processed, information on the parties to which their personal data have been disclosed (specifically, recipients in third countries), and retention periods. Further, GDPR grants data subjects the right to request rectification or erasure of inaccurate personal information and the right to be forgotten under certain circumstances (e.g. when the personal data is no longer necessary for the collection purposes, when consent is withdrawn, or when the processing is unlawful).
Organizations must be able to demonstrate their GDPR compliance and should therefore consider which measures and actionable requirements will allow them to meet this rule. Serious data breaches must be reported to national authorities within 72 hours.
IT Risk Pros offers solutions to assist in implementing and managing controls to ensure the appropriate privacy and security measures are in place to protect personal data under the General Data Protection Regulation. Our methodology is divided into four phases to not only comply with GDPR, but to improve security in your organization.
Call IT Risk Pros today at 888.811.RISK (7475), or email us at firstname.lastname@example.org to discuss your GDPR compliance needs with an experienced consultant.