GDPR: Don't Tread on My Data
What to Know About Compliance and the General Data Protection Regulation
By Michael Fiorito, MDS
The General Data Protection Regulation, or GDPR for short, is Europe’s answer to the need to protect EU citizen data.
GDPR was developed in 2016 by the European Commission. Organizations will be required to meet compliance by May 25, 2018. The penalties for not meeting compliance will be determined by the duration of the infringement, the number of data subjects affected and the level of impact.
Compliance will be required by ALL organizations handling EU citizen data regardless of where that organization resides. So basically, in this increasingly “flat” global workplace, that means most US businesses have to become compliant.
What does GDPR Compliance Entail?
Extended jurisdiction – Applies to any company collecting and/or processing EU citizens’ personal data, independent of the company’s physical location.
Consent – Organizations must obtain an individual’s consent to store and use their data, as well as explain how it is used.
Mandatory breach notification – Organizations must divulge security breaches to a supervisory authority.
Right to access – Upon request, companies must provide electronic copies indicating what personal data the organization is processing, where that data is stored and for what purpose.
Right to be forgotten – EU citizens will be able to request deletion of their personal data.
Data portability – Organizations must be able to provide an individual’s personal data in a common format.
Privacy by design – Security must be built into products and processes from day one.
Data protection officers (DPO) – Both data controllers and data processors are now required to appoint a DPO.
MDS can help you with the discovery and taxonomy of your organization’s EU citizen data and provide advisory assistance to meet and maintain GDPR compliance.
Get a comprehensive breakdown of how to become GDPR compliant or set up an appointment with an MDS Compliance Expert. Also, sign up for our upcoming live facilitated panelist discussion on anything and everything related to GDPR!