NEW REGULATIONS WENT INTO EFFECT MAY 25TH

ARE YOU GDPR READY?

A new European Union (EU) privacy regulation goes into effect with broad-reaching implications for organizations around the world. The regulation, called the General Data Protection Regulation (GDPR), introduces new requirements on privacy, security, and compliance, accompanied by appropriate security measures.

GDPR COMPLIANCE PROCESS

InsITe offers an all-inclusive solution for GDPR Compliance, from gauging your preparedness to building and implementing the changes needed to keep your business compliant

Discover

Identify what personal data you have, where it resides across devices, apps and platforms, and how it impacts your business. Increase visibility with auditing capabilities

Manage

We simplify the management of GDPR and dozens of other regulations. Centralize processing in a single system, simplify data management, and use audit-ready tools that help you manage your processes

Assess

Get a thorough evaluation of your GDPR preparedness with our detailed assessment. Receive an ongoing assessment with actionable insights to improve your data protection capabilities

Enforce

Use policies and access controls across your systems, classify data for simplified compliance, and respond to data requests and transparency requirements

Strategize

Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches. Protect data with industry leading encryption and security technology that’s always up-to-date

Safeguard

Protect user credentials with risk-based conditional access, safeguard data with built-in encryption technologies, and rapidly respond to intrusions with built-in controls

THE GDPR APPLIES MORE BROADLY THAN YOU MIGHT THINK

The law imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU or that collect and analyze data tied to EU residents — no matter where they are in the world. GDPR is applicable to organizations of all sizes and all industries, and personal data can be found in many places.

At InsITe, we have the skilled personnel, process knowledge, and the technology expertise to evaluate your GDPR readiness and help you on your path to become, and stay, compliant. An ideal starting point is an assessment of your GDPR preparedness. We’ll work with you to evaluate your organization’s privacy posture, uncover risks, provide expert guidance around the GDPR, and offer recommendations specific to your organization.

KEY CHANGES REQUIRED BY THE GDPR

It is important to know and understand the requirements, as there are significant consequences for non-compliance

Personal Privacy

Individuals can:
  • Object to processing of their personal data
  • Correct errors in their personal data
  • Access their personal data
  • Erase their personal data, e.g. the “right to be forgotten”
  • Export personal data

Transparent Policies

Organizations need to:
  • Provide clear notice of data collection
  • Outline processing purposes and use cases: why it is processed, how long it is stored, with whom it is shared, etc.
  • Define data retention and deletion policies

Control & Notify

Organizations need to:
  • Protect personal data using appropriate security
  • Notify authorities of personal data breaches
  • Obtain appropriate consents for processing data
  • Keep records detailing data processing

IT & Training

Organizations need to:
  • Train privacy personnel and employees
  • Audit and update data policies
  • Employ a Data Protection Officer (if required)
  • Create and manage compliant vendor contracts

Interested in a FREE Compliance Assessment? We assess GDPR and other industry regulation compliance.

HOW DOES THE GDPR AFFECT YOUR BUSINESS?

We answer the FAQs around what GDPR means for your organization

1. Does the GDPR apply to my organization?

  • GDPR impacts organizations that offer goods and services to people in the EU or collect and analyze data tied to EU residents, no matter where they are
  • Includes companies, government agencies, non-profits, and others
  • For all sizes of organizations: small, large, and enterprise

Pro Tip:

The GDPR isn’t just Europe – it applies more broadly than many people think.

2. Is the data my organization processes subject to the GDPR?

  • GDPR regulates collection, storage, use, and sharing of “personal data”
  • Includes Personally Identifiable Information (PII): any data related to an identified or identifiable person
  • Some identifiers: IP address, employee information, sales data, customer data, and biometric data

Pro Tip:

The GDPR is all about personal data, which can reside in: customer databases, feedback forms filled out by customers, email content, photos, CCTV footage, loyalty program records, HR databases, and more.

3. What are the risks if we don’t comply?

  • Fines can be up to 4% of annual turnover or €20 million
  • Individuals (or organizations acting on their behalf) can start civil litigation
  • Other organizations may only work with you if you’re compliant

Pro Tip:

Up until now, data protection laws did not include significant fines. The GDPR changes things dramatically. GDPR compliance is not a one-time activity and carries significant penalties for non-compliance.

4. What are the main requirements?

  • Transparency, fairness, lawfulness when handling and using personal data
  • Personal data security
  • Data processing minimization
  • Collection and storage minimization
  • Ensure accuracy of personal data

Pro Tip:

Organizations need to be clear about how they handle personal data: there must be a lawful basis. Processing is limited to specified, explicit, legitimate purposes. Storage should be adequate for the intended purpose.

5. What does transparency really mean?

  • Organizations must tell individuals about their data processing
  • Why it is processed, how long it is stored, with whom it is shared, and whether it is transferred outside the EU
  • Easy to access and understand format

Pro Tip:

Data controllers must ensure that anyone whose data is collected is kept adequately and sufficiently informed about just what is being done, and will be done, with their data.

LET THE EXPERTS HANDLE THE DETAILS

InsITe offers an all-inclusive solution from gauging your preparedness to building and implementing the changes needed to keep your business compliant.

Detailed Assessment

Gain a common understanding of your compliance objectives and the GDPR requirements.

  • Assess your organization’s GDPR maturity level, looking at your preparedness to execute on discovery, management, protection, and reporting activities
  • A complete understanding of your compliance risk
  • Create a GDPR compliance roadmap with a prioritized and actionable list of next steps that’s ready for legal and advisory review
  • With roughly 160 requirements, we handle all the details so you can concentrate on what’s important

Data Discovery Services

We perform an on-going risk assessment that reflects your compliance posture against data protection regulations when using cloud services, along with recommended actions, and step-by-step guidance.

  • Identify which activities or requirements should be tracked
  • Implement tracking and on-going assessment of compliance against regulatory requirements
  • Provide actionable insights and step-by-step guidance to help improve your data protection capabilities
  • Help you understand and use all the functionality included to simplify and streamline compliance

Compliance Management Services

The GDPR regulates the collection, storage, use, and sharing of personal data. Many organizations need assistance in understanding and managing the personal data they have collected and retained.

  • Identify the systems where data is collected and stored
  • Understand why data was collected, how data is processed and shared, and how long it should be retained
  • Detailed inventory of data sources and data contained within those sources
  • Insights on quantity of data containing personally identifiable information (PII) or sensitive personal information potentially subject to the GDPR