What is GDPR?
The General Data Privacy Regulation (GDPR), which takes effect on May 25, 2018, bolsters data protection and privacy for all individuals within the European Union (EU). It standardizes data privacy across all EU member states and requires every organization that processes, stores, accesses, or markets personal data to meet defined standards and implement protocols for data access, consumer authorization, and data breach notification.
Any company that holds, processes, or interacts with personal data on any EU citizen is bound by the GDPR rules, even if it has no physical presence in any of the 28 EU member states. Failure to comply with the law carries substantial penalties, including fines of up to €20 million (about $24 million) or up to 4% of global annual revenue, whichever is greater. This regulation has significant consequences for organizations across the globe that may have access to EU personal data.
Personal data is defined as any information that can be used to identify an EU citizen. This includes a name, photo, email address, bank details, social media posts, medical information, and IP address.
The GDPR provides the following rights for individuals:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights in relation to automated decision making and profiling
The GDPR identifies the following responsibilities of affected organizations:
- Must appoint a dedicated Data Protection Officer, depending on the size of the organization and the nature of its business
- Must report data breaches to the affected EU citizens and to the Data Privacy Agency
- Must monitor access to personal data and audit the reason behind each instance of an organization accessing the data
- Must report a data breach within 72 hours of its confirmed discovery
- Must obtain clear "opt-in" consent and approval
Since the GDPR also regulates the export of personal data outside the EU, it is changing the way global companies handle personal data.
Risk Management Outsourcing is a viable option to prepare you for possible scenarios and help you control business risks related to the new law. Risk management is key to successful GDPR compliance.
A holistic approach to meeting GDPR demands combines effective risk management with cybersecurity and information technology enablers. This can help you avoid potentially painful future events by guiding you toward more informed decisions, integrating new technologies and processes, and leveraging the value of these integrations while managing your risk exposure.
Risk Management Solutions
Infinit-O Global enables organizations to create and execute strategic risk management and compliance solutions focusing on mitigating risks, increasing compliance, strengthening cybersecurity, and optimizing technology resources.
We use risk-adjusted performance management methods and the latest technologies to help companies gain higher economic returns and increase stakeholder confidence by protecting against compliance-related impacts on the business. We have developed four pillars of success that work together to help your company gain a competitive edge through excellent People, Processes, Technology, and Security.
We’re here to help you achieve GDPR compliance and lead you to success! Contact us today.