If you do business internationally, chances are your privacy processes and procedures must hold up to the requirements of the new General Data Protection Regulation (GDPR), which went into effect on May 25, 2018.
This European Union (EU) regulation, intended to give people more control over their personal data and protect that information from risk, applies to any organization that conducts business in the EU. The GDPR is a complicated framework and represents the most sweeping change in data privacy regulation in decades. Many U.S. companies are struggling to meet its requirements.
You need an information security and compliance partner you can trust to help you navigate the GDPR.
With the extended jurisdiction of the GDPR comes the biggest change to the regulatory landscape of data privacy in decades. GDPR provides one set of data protection rules and applies to all companies processing the personal data of people residing in the European Union, regardless of the company’s location.
The GDPR also applies to the processing of personal data of data subjects in the EU by a controller or processor not established in the Union, where the activities relate to offering goods or services to EU citizens (even if payment is not required) and the monitoring of behavior that takes place within the EU. Non-EU businesses processing the data of EU citizens also have to appoint a representative in the EU.
According to the GDPR, personal data is any information that relates to an identified or identifiable living individual. If different pieces of information can be collected together to lead to the identification of a particular person, this information also constitutes personal data.
Examples of personal data are as follows:
Processing of data means any operation performed on personal data, whether by manual or automated means. This covers a wide range of functions, including the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
The GDPR contains a number of new requirements for businesses. Failure to comply can expose your business to the risk of substantial GDPR fines — up to four percent of global revenues for the most serious infringements, such as not having sufficient customer consent, according to the EU GDPR Information Portal.
The new requirements include:
Sword & Shield leverages our experience in data and information security compliance under various frameworks (GDPR, NIST, HIPAA, ISO, ITIL, etc.) to identify the gaps between GDPR requirements and your current security posture.
With the regulation recently going into effect and regulators announcing imminent GDPR fines, it’s time to understand your status and remediate your gaps. Organizations at varying stages of readiness can rely on Sword & Shield to provide clarity around GDPR compliance.
Sword & Shield employs its more than 20 years of information security and compliance expertise to partner with you to determine your status and assist you with fulfilling GDPR requirements. We get to know you through the following:
We are uniquely qualified to perform your GDPR assessment based on our ability to get to know your organization, systems, processes and documentation, and apply this information to GDPR using our compliance expertise. Sword & Shield’s GDPR assessment services include the following:
Let Sword & Shield help you to determine your data privacy and security needs, and implement safeguards to meet them.
Sword & Shield identifies gaps between your current policies, procedures, systems, and applications relative to the GDPR. The results of the analysis are used to create recommendations to assist with the remediation efforts required to reduce gaps and achieve compliance with the GDPR.
Following delivery of the final report, Sword & Shield provides you with your customized roadmap to GDPR compliance. The roadmap takes into consideration the controls that need to be addressed to lower risks and address compliance deficiencies.