GDPR Compliance


We help your business achieve compliance through our GDPR Compliance and Assessment Services.

What is GDPR?

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.
EUGDPR.org

For organizations that collect or store data on EU citizens, key provisions of the law include:

Data Protection Officers: certain organizations must designate a DPO who is responsible for the monitoring and protection of personal data.

Consent: data subjects must consent to the use of their data.

Right to Object: data subjects have the right to object to processing, marketing or profiling.

Right to Erasure: your organization must be capable of erasing personal data without delay, and must have explicit means to handle requests to erase data.

There is no easy, standard solution. It is up to the organization to determine adequate security measures and to be able to justify those decisions.

Does it apply to my company?

GDPR applies to any organization or company that processes and/or stores personal data of citizens of the European Union.

What are the penalties for non-compliance?

1) If your organization or business is found to be in violation of customer consent or of the core "Privacy by Design" concepts, the fine can be as high as 4% of GLOBAL annual revenue.

2) A company can be fined 2% for not having its records in order (Article 28), for not notifying the supervisory authority and the data subject about a breach, or for not conducting an impact assessment.

GDPR applies to both controllers and processors; cloud storage or processing is not exempt from GDPR enforcement.

How long does it take to become compliant?

This varies depending on where and how your data is currently processed and stored. Security maturity, including existing measures for managing sensitive data, executive level support, and risk management also play a role. No two businesses are ever alike.

What can Sera-Brynn do to help?

Compliance with GDPR will be an enormous hurdle for many companies, and May 2018 is fast approaching. Our certified audit and advisory teams focus on action items that move the needle and manage the risk to your organization, and using a third-party auditor is a smart way to transfer risk. We recommend four phases for complying with GDPR:

Phase 1 – Scoping: Assess your compliance readiness, understand gaps, and develop a plan to not only comply with GDPR, but to measurably improve security overall. This includes data inventory and mapping to understand where data is stored, processed and transmitted.

Phase 2 – Privacy Programming: Implement a program to manage data flows, develop policies, deliver training, and, if necessary, adjust business processes.

Phase 3 – Incident Response and Breach Notification: Under GDPR there is a 72-hour notification window in the event of a breach involving personal data. Understanding the requirements for notification and for forensic preservation is key.

Phase 4 – Detect and Defend: Get the necessary technology tools. We help you find the most effective solutions to address gaps identified in the three previous phases. Our goal is to help you achieve compliance, not to sell products.
