Ensuring GDPR Compliance for Your Enterprise
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25. If your company does business internationally, its electronic privacy processes and procedures must comply with GDPR requirements. This article discusses the new framework and ensuring GDPR compliance within your organization.
What is the GDPR?
The GDPR is concerned with data privacy and contains a number of new requirements for businesses. Failure to comply can expose your business to the risk of substantial fines — up to four percent of global revenues for the most serious infringements, such as not having sufficient customer consent, according to the EU GDPR Information Portal.
The new requirements include:
- Consent. Before any personal data can be processed, your company must receive consent from the individual. The consent can be withdrawn at any time.
- Breach Notification. Supervisory authorities must be alerted to a personal data breach within 72 hours of your company becoming aware of it.
- Right to Access. Individuals have the right to access their personal data and can request a copy of it.
- Right to be Forgotten. An individual may request that your company erase their personal data and stop processing it.
- Data Portability. Individuals can request a copy of their personal data in a format that can be transferred to another company.
- Data Minimization. Your company may hold and process only the data that is strictly necessary for the task at hand.
How GDPR Compares to Other Frameworks
The GDPR is a complicated framework and represents the most sweeping change in data privacy regulation in decades. Many U.S. companies are struggling to meet its requirements. In April, Crowd Research Partners’ 2018 GDPR Compliance Report revealed that only 40 percent of organizations were either GDPR compliant or well on their way to compliance.
The study's findings that help explain this shortcoming include the following:
- While 80% confirm GDPR is a top priority for their organization, only half say they are knowledgeable about the data privacy legislation or have deep expertise.
- An alarming 25% have no or only very limited knowledge of the law.
- The primary compliance challenge is a lack of expert staff (43%), closely followed by a lack of budget (40%) and a limited understanding of GDPR regulations (31%).
How We Can Help
Sword & Shield specializes in compliance and staffs experts who can identify the gaps between the GDPR's requirements and your current policies, procedures, systems, and applications.
Sword & Shield’s GDPR Assessment Services can help you to determine your data privacy and security needs and implement safeguards to meet them. Our experts will provide you with a customized roadmap to meeting GDPR requirements, lowering risks, and addressing compliance deficiencies. Request a consultation to get started.