The General Data Protection Regulation (GDPR)

Understand everything you need to know about GDPR now that the May 25th deadline has passed.

How Prepared are You?

Our GDPR Readiness Quiz is a graded, online self-evaluation tool to help your organization review its GDPR readiness ‘score’ free.

Take Quiz

Although your organization may be based in the US, it is likely you still need to adhere to the GDPR (General Data Protection Regulation) compliance regulation by May 25, 2018.

This overhaul of EU data protection regulation is the most significant in recent history and impacts any organization who does business internationally. Therefore, any US-based company that targets consumers in the EU, monitor EU citizens or offer goods or services in the EU (even if it is free) have to comply.

Organizations who are not GDPR compliant by the deadline can be fined up to 4% of annual global turnover or 20 Million Euros, per incident.

Still not compliant post deadline? Here's what to do.

What is GDPR?
The General Data Protection Regulation (GDPR) is designed to give data control back to the individual, rather than it be controlled by an organization. With GDPR, an individual reserves the right to control an organization’s access to their personal data while also improving the way data is protected and processed. Under GDPR, one has the right to access, adjust or completely remove personal user data upon request.

Introduced to keep pace with the modern digital landscape, the GDPR is more extensive in scope and application than the current Data Protection Act (DPA) and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures.

GDPR Webinar

WATCH NOW

The Brexit Question:
UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the European Union, and the government has confirmed that the Regulation will apply, a position that has been confirmed by the Information Commissioner.

GDPR Checklist

DOWNLOAD NOW

What to do now that the GDPR deadline has passed - and How MDS Can Help:
The MDS compliance team has wide-ranging data protection expertise to help organizations prepare for the GDPR. We offer a comprehensive suite of information, resources, and compliance solutions services. MDS will take a look at your current IT infrastructure and highlight the areas in which you are non-GDPR compliant. We will then create a custom roadmap to highlight the steps necessary to become GDPR compliant, and facilitate the implementation.

There are 10 Key Facts Businesses need to know about the new regulation:

1. GDPR Applies to All

The GDPR applies to all companies worldwide that process personal data of European Union (EU) citizens.

This means that any company that works with information relating to EU citizens will have to comply with the requirements of the GDPR, making it the first global data protection law.

2. The GDPR widens the definition of personal data

The GDPR considers any data that can be used to identify an individual as personal data. It includes, for the first time, things such as genetic, mental, cultural, economic or social information.

Companies should take measures to reduce the amount of personally identifiable information they store, and ensure that they do not store any information for longer than necessary.

3. Tighter regulations for obtaining valid consent to use personal information

The GDPR requires all organizations collecting personal data to be able to prove clear and affirmative consent to process that data.

Once GDPR is in effect, it will be more important than ever for organizations to explain exactly what personal data they are collecting and how it will be processed and used. Without valid consent, any personal data processing activities will be shut down by the authorities

4. A designated Data Protection Officer (DPO) is required

Any business that depends on processing personal information will have to appoint a DPO, who will be an extension of the data protection authority to ensure personal data processes, activities and systems conform to the law by design. A third-party DPO, such as MDS, is permitted.

5. Privacy Impact Assessments (PIAs) are mandatory

The GDPR requires data controllers to conduct PIAs where privacy breach risks are high to minimise risks to data subjects.

Before organisations can even begin projects involving personal information, they will have to conduct a privacy risk assessment and work with the DPO to ensure they are in compliance as projects progress.

6. Data Breach Notifications are mandatory

The regulation requires organizations to notify the local data protection authority of a data breach within 72 hours of discovering it.

Organisations need to therefore ensure they have the technologies and processes in place that will enable them to detect and respond to a data breach.

7. The GDPR introduces the right to be forgotten

One of the new data handling principles being introduced is the “data minimization principle”, that requires organizations not to hold data for any longer than absolutely necessary, and not to change the use of the data from the purpose for which it was originally collected, while – at the same time – they must delete any data at the request of the data subject (aka: the employee).

8. Liability beyond data controllers is expanded

In the past, only data controllers were considered responsible for data processing activities, but the GDPR extends liability to all organizations that touch personal data.

Even organizations that are purely service providers that work with personal data will need to comply with rules such as data minimization

9. Privacy by design is required

The GDPR requires that privacy is included in systems and processes by design. This means that software, systems and processes must consider compliance with the principles of data protection.

Moving forward, all software will be required to be capable of completely erasing data, which will be a challenge for a lot of software engineers

10. The GDPR introduces the concept of a one-stop shop

With GDPR, any European data protection authority is allowed to take action against organization, regardlress of where in the world the company is based.

The benefit for business is that they will have to deal with only one supervisory authority rather than a different one for each EU state.

MDS Compliance Resources

GDPR Compliance: Gap Analysis Workshop

MDS and partner law firm BurgherGray to break down GDPR and what steps to take when becoming compliant.

Watch Now

How Prepared are You for GDPR?

Our GDPR Readiness Survey is an online, self-evaluation tool that will give you a letter grade of your organization’s GDPR readiness.

Take Survey

Step-By-Step GDPR Compliance Checklist

Better manage the necessary steps to become GPDR compliant by using this step-by-step breakdown as your guide.

Download Checklist

Why Does GDPR Matter to You?

The certified professionals at MDS will help you determine which regulations your organization needs to meet.

Contact Us

About MDS

Our mission here at Maureen Data Systems (MDS) is to digitally transform business environments with the use of cloud infrastructure, security and privacy controls, data analytics, and managed services.

As a woman-owned business, we embrace a culture of inclusivity, diversity, and consistent learning. The MDS team, in both the US and Latin America, is comprised of certified professionals that work with you to deliver strategic implementations, providing you with a competitive advantage. Our utmost priority is maintaining our customer technology needs, which is why 25+ years later we continue to grow.

Upcoming Events

December 8, 2020 - Webinar

Cognitive/Synapse: The Future of Automated Documentation

Contact Us

Global Headquarters

500 W 43rd Street, Suite 33E

New York, NY, 10036

Email: contactus@mdsny.com

Tel: +1 646-744-1000

Locations: NY | FL | PR | TX

Download the MDS Line Card.