May 25th 2018 is right around the corner. Are you ready?
The aim of General Data Protection Regulation (GDPR) is to create a uniform level of data protection in the European Union (EU). Before this regulation becomes enforceable, organizations must ensure their compliance with the GDPR requirements. GDPR applies to all organizations that process personal data of EU citizens and will allow EU citizens to continuously monitor personal data breaches.
GDPR doesn’t just apply to companies in the European Union; organizations outside of the EU, which are targeting consumers in the EU, or have customers in the EU, are subject to the regulation.
GDPR was approved and adopted in April 2016, and will be enforceable starting May 25th 2018.
ISMS Solutions is uniquely positioned to help organizations become GDPR compliant. To schedule a conversation and see how ISMS can help, click here.
Watch out for massive fines!
In cases where organizations fail to comply with the GDPR requirements, the fines can reach up to $10 million or 2% of an organization's annual turnover, whichever is greater. For more serious infractions, penalties can reach up to $20 million or 4% of an organization's annual revenue, whichever is greater. Under certain circumstances, the GDPR obliges organizations to appoint a Data Protection Officer (DPO). The DPO may be a full-time employee or work under a service-based contract.
Are you DPA Compliant? If so, you still have some work to do.
In 1998 the UK passed the Data Protection Act (DPA) legislation, which replaced the EU Data Protection Directive of 1995. The Data Protection Act will be replaced with the enforcement of GDPR.
Requirements of GDPR Include:
Additional Personal Data Requirements Include:
We here at ISMS Solutions believe that compliance doesn't just stop at the water's edge. To truly become compliant you have to understand your risks, your obligations, and most of all the potential impact of non-compliance. In that light, GDPR falls right into our sweet spot and is grouped in our Information Security family, which also consists of NIST 800-171 Compliance and ISO 27001 Certification.
Our partnership with NSF International can help provide you with all the necessary tools to assess, update, and meet the requirements. For more information on how we can help your organization become GDPR compliant, click below.