A new European Union (EU) privacy regulation goes into effect with far-reaching implications for organizations around the world. The regulation, called the General Data Protection Regulation (GDPR), introduces new requirements on privacy, security, and compliance, and obliges organizations to put appropriate security measures in place.
GDPR COMPLIANCE PROCESS
InsITe offers an all-inclusive solution for GDPR compliance, from gauging your preparedness to building and implementing the changes needed to keep your business compliant.
Identify what personal data you have, where it resides across devices, apps and platforms, and how it impacts your business. Increase visibility with auditing capabilities.
We simplify the management of GDPR and dozens of other regulations. Centralize processing in a single system, simplify data management, and use audit-ready tools that help you manage your processes.
Get a thorough evaluation of your GDPR preparedness with our detailed assessment: an ongoing assessment with actionable insights to improve your data protection capabilities.
Use policies and access controls across your systems, classify data for simplified compliance, and respond to data requests and transparency requirements.
Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches. Protect data with industry-leading encryption and security technology that is always up to date.
Protect user credentials with risk-based conditional access, safeguard data with built-in encryption technologies, and rapidly respond to intrusions with built-in controls.
THE GDPR APPLIES MORE BROADLY THAN YOU MIGHT THINK
The law imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU or that collect and analyze data tied to EU residents — no matter where they are in the world. The GDPR applies to organizations of all sizes in all industries, and personal data can be found in many places.
KEY CHANGES REQUIRED BY THE GDPR
It is important to know and understand the requirements, as there are significant consequences for non-compliance. Individuals have the right to:
- Object to processing of their personal data
- Correct errors in their personal data
- Access their personal data
- Erase their personal data, also known as the “right to be forgotten”
- Export personal data
Organizations need to:
- Provide clear notice of data collection
- Outline processing purposes and use cases: why it is processed, how long it is stored, with whom it is shared, etc.
- Define data retention and deletion policies
Control & Notify
Organizations need to:
- Protect personal data using appropriate security
- Notify authorities of personal data breaches
- Obtain appropriate consents for processing data
- Keep records detailing data processing
IT & Training
Organizations need to:
- Train privacy personnel and employees
- Audit and update data policies
- Employ a Data Protection Officer (if required)
- Create and manage compliant vendor contracts
HOW DOES THE GDPR AFFECT YOUR BUSINESS?
We answer the FAQs around what the GDPR means for your organization.
1. Does the GDPR apply to my organization?
- The GDPR impacts organizations that offer goods and services to people in the EU or collect and analyze data tied to EU residents, no matter where they are
- Includes companies, government agencies, non-profits, and others
- For all sizes of organizations: small, large, and enterprise
The GDPR isn’t just Europe – it applies more broadly than many people think.
2. Is the data my organization processes subject to the GDPR?
- GDPR regulates collection, storage, use, and sharing of “personal data”
- Includes Personally Identifiable Information (PII): any data related to an identified or identifiable person
- Examples of such identifiers: IP addresses, employee information, sales data, customer data, and biometric data
The GDPR is all about personal data, which can reside in: customer databases, feedback forms filled out by customers, email content, photos, CCTV footage, loyalty program records, HR databases, and more.
3. What are the risks if we don’t comply?
- Fines can be up to 4% of annual turnover or €20 million
- Individuals (or organizations acting on their behalf) can start civil litigation
- Other organizations may only work with you if you’re compliant
Up until now, data protection laws did not include significant fines. The GDPR changes things dramatically. GDPR compliance is not a one-time activity and carries significant penalties for non-compliance.
4. What are the main requirements?
- Transparency, fairness, lawfulness when handling and using personal data
- Personal data security
- Data processing minimization
- Collection and storage minimization
- Ensure accuracy of personal data
Organizations need to be clear about how they handle personal data; there must be a lawful basis. Processing is limited to specified, explicit, legitimate purposes. Storage should be adequate for the intended purpose.
5. What does transparency really mean?
- Organizations must tell individuals about their data processing
- Why it is processed, how long it is stored, with whom it is shared, and whether it is transferred outside the EU
- In an easy-to-access, easy-to-understand format
Data controllers must ensure that anyone whose data is collected is kept adequately and sufficiently informed about just what is being done, and will be done, with their data.
LET THE EXPERTS HANDLE THE DETAILS
InsITe offers an all-inclusive solution from gauging your preparedness to building and implementing the changes needed to keep your business compliant.
Gain a common understanding of your compliance objectives and the GDPR requirements.
- Assess your organization’s GDPR maturity level, looking at your preparedness to execute on discovery, management, protection, and reporting activities
- Gain a complete understanding of your compliance risk
- Create a GDPR compliance roadmap with a prioritized and actionable list of next steps that’s ready for legal and advisory review
- With roughly 160 requirements, we handle all the details so you can concentrate on what’s important
Data Discovery Services
We perform an ongoing risk assessment that reflects your compliance posture against data protection regulations when using cloud services, along with recommended actions and step-by-step guidance.
- Identify which activities or requirements should be tracked
- Implement tracking and ongoing assessment of compliance against regulatory requirements
- Provide actionable insights and step-by-step guidance to help improve your data protection capabilities
- Help you understand and use all the functionality included to simplify and streamline compliance
Compliance Management Services
The GDPR regulates the collection, storage, use, and sharing of personal data. Many organizations need assistance in understanding and managing the personal data they have collected and retained.
- Identify the systems where data is collected and stored
- Understand why data was collected, how data is processed and shared, and how long it should be retained
- Build a detailed inventory of data sources and the data contained within those sources
- Provide insights on the quantity of data containing personally identifiable information (PII) or sensitive personal information potentially subject to the GDPR