We help our clients reach compliance with the EU General Data Protection Regulation (GDPR).
The General Data Protection Regulation (GDPR), put forth by the European Commission in 2012 and finally agreed upon by the European Parliament and Council in December 2016, has replaced the Data Protection Directive 95/46/EC. Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and carries significant fines and penalties for non-compliant data controllers and processors, which have applied since it came into force in the spring of 2018.
The key changes imposed by the EU GDPR are:
- Fines of up to 4% of annual global turnover or €20,000,000, whichever is greater;
- Expanded scope, including all organizations that target EU citizens;
- Data Protection Officers (DPOs);
- Privacy impact assessment;
- Consent by data subjects;
- Mandatory breach notification;
- Cross-border data transfer;
- New subject rights;
- Privacy by design;
- Obligations of processors.
Most companies still need to make changes to fully comply with the regulation.
Our approach to GDPR compliance includes the following steps:
- Conduct a gap analysis to assess potential gaps in GDPR compliance and GDPR readiness.
- Identify and understand where personal data is being processed and where data flows.
- Analyze GDPR-impacted policies around data processing and security.
- Develop a pragmatic GDPR action plan that includes the technical and organizational measures needed to comply with the requirements.
- Assist in implementing risk-prioritized remediation to comply with the GDPR.