What Your Organization Needs to Know
The European Union (EU) General Data Protection Regulation (GDPR) has the potential to profoundly impact businesses across a multitude of industries such as finance, retail, healthcare, pharmaceutical, communications, and others consisting of organizations that possess the personal data of EU citizens. GDPR is a regulation drafted by the Council of the European Union with the goal of strengthening and unifying data security across the EU. It applies to personal data processing that is carried out by organizations that operate within the EU. Organizations located outside the EU that host or possess personal consumer data of EU citizens must still comply with this regulation.
GDPR protects any information that can be linked to an identifiable individual such as search-engine entries, employee authentication, payment transactions, closed-circuit-television footage, and visitor logs. The information can be in any format (structured or unstructured) and can be transferred in any medium including online, offline, or backup storage.
The GDPR contains 99 articles and is comprised of four main components:
- A set of data protection principles outlining the main responsibilities for organizations under the new policy.
- A list of rights for EU citizens that organizations hosting their personal data must adhere to.
- Provisions that promote accountability and governance. This means that organizations are expected to implement comprehensive governance measures to ensure transparency.
- The obligation to disclose breaches to the relevant supervisory authority within 72 hours, and in some cases to the individuals affected.
It mandates numerous privacy arrangements and controls designed to protect personal data. The GDPR requires organizations to show how they comply with the principles. Fines for non-compliance will cost up to €20 million (approximately $24 million) or 4% of the previous year’s total revenue, whichever is greater. One of the ways to comply with the GDPR articles is for companies to incorporate into their data privacy frameworks proper (meta) data management, as well as a commitment to build trust with clients and to safeguard personal data.
Strict enforcement of this regulation begins May 25, 2018. WILL YOU BE READY?
The sophistication of technology is advancing at a rapid pace. The growth of the internet, globalization, and the potential threats to data security have driven the EU to develop new regulations to help safeguard information. No matter where you are in your GDPR compliance journey, Wilson Consulting Group (WCG) has the expertise to assist you by conducting a GDPR assessment and the following services:
- Compliance Testing: WCG conducts compliance tests to identify the potential gaps and vulnerabilities within your current personal data infrastructure and we provide recommendations for improvement to ensure you are in alignment with the GDPR regulation. This service will position your organization to better protect data and to have effective operational procedures for handling data safely.
- Incident Response Management: WCG reviews, revises, and refines your incident response policy, plan, processes, and procedures to ensure they align with the GDPR articles. We enhance your incident response capabilities, including your breach notifications, which allow you to better identify, protect, detect, and respond to any potential and/or actual personal data incidents. Organizations that have used this service have become more proactive and better prepared to handle potential privacy breaches or legal disputes.
- Data Lifecycle Management: WCG works with your organization to develop viable mechanisms for identifying and managing new personal data being processed and used. We help you to develop strategies to appropriately determine data storage, security, handling, and transmission. We work with you to develop appropriate checkpoints and controls to ensure ongoing GDPR compliance. After working with us, data security threats are mitigated and minimized making your data lifecycle resilient.
- Data Privacy Assessment and Management: WCG analyzes your organization’s data privacy management program, conducts privacy impact assessment (PIA), and develops a strategy for implementing privacy controls that are compliant with GDPR requirements. After working with us, your organization will be in a better position to secure and manage personal data against potential risks. Data privacy must be incorporated into your data privacy management program and must serve as an anchor for achieving and maintaining compliance. Organizations that have used this service have been able to:
- reduce the privacy risks of data management,
- reduce the chance that the organization or its staff or customers will suffer financial or reputational harm, and
- achieve competitive advantages by reflecting the importance the organization places on protecting personal data thereby earning trust.
A structured privacy approach simplifies privacy management and provides a comprehensive data privacy framework.
- Data Strategy and Governance: WCG develop a comprehensive governance structure designed to function beyond the GDPR enforcement deadline. It is important to examine the security impact of any change to technology, processes, or personnel and to mature your organization’s approach of embedding privacy and security into all business activities. After working with us, your organization will have proper data governance and will be able to employ appropriate collection, authorized use, access, security, destruction, and privacy techniques at every stage of product development.
- Policy Management: WCG analyzes, reviews, and refines all relevant policies to ensure consistency with GDPR requirements. We will help you develop policies that enable your organization to better manage the rights of data subjects, the legal basis of all held data, and the agreements between you and third-party vendors, suppliers, and partners. Policies are intended to be long-term and often help guide the development of rules to address specific situations. Organizations that have used this service have improved their ability to consistently align Personal Data Management Policy with overall Business Strategy.
Our goal is to ensure that our clients are compliant, secure, and protected so that their customers will also feel assured. WCG is committed to assisting organizations as they work to meet the requirements of the GDPR ahead of May 2018 and beyond.
Call today to ensure you are ready for GDPR enforcement!