General Data Protection Regulation (GDPR)
The GDPR has specific requirements regarding the transfer of data out of the E.U. and is specifically designed to help protect the privacy of citizens in the European Union. Even though the GDPR is designed for the E.U., its reach will extend to any company outside of the E.U. that processes, controls, and/or monitors privacy related-data of E.U. citizens. Companies based in the United States who perform such functions will be subject to the regulation and will be responsible for complying with it.
The GPDR is comprehensive and will require a significant amount of documentation as evidence of compliance and emphasizes organizational accountability. Hefty fines are associated with non-compliance (e.g. the greater of 4% of global turnover, or 20MM Euros), so getting prepared for the GDPR should be part of your planning for 2018. Planning will require key stakeholder buy-in from your organization’s leaders and decisions will need to be made regarding the necessity (or lack thereof) of a Data Protection Officer (DPO) and the other various roles and responsibilities associated with protecting personal data (i.e. new processes, risk management, breach reporting, complaint management, etc.).
GDPR Data Protection Solutions
Having a dedicated Data Protection and Privacy Program aligned to GDPR is highly recommended. CISOSHARE’s Data Privacy Program professional services offering is aligned to GDPR and is tailored to your specific business and its needs. The robust data protection offering provides your business with the required documentation to present to auditors and respond to compliance assessments. Having a dedicated GDPR Data Privacy Program can be seen as a competitive advantage in today’s global business environment as more and more companies and customers seek assurance and proof of security and privacy being taken seriously by the companies they do business with.
GDPR Data Privacy Program
To achieve and maintain GDPR compliance, a GDPR Data Privacy Program helps organizations control the flow of information, prevent breaches, create processes, and build out all the necessary documentation required should certain data privacy-related events occur or the organization is assessed by the supervisory authority.
let us know how we can support you!