We help our clients in reaching compliance with the EU General Data Protection Regulation (GDPR).
The General Data Protection Regulation (GDPR) was proposed by the European Commission in January 2012, reached political agreement between the European Parliament and the Council in December 2015, was formally adopted in April 2016 and applies from 25 May 2018, replacing the Data Protection Directive 95/46/EC. Although many organizations have already implemented data protection processes and procedures that comply with the Directive, the GDPR introduces a number of new protections for EU data subjects and significant fines and penalties for non-compliant data controllers and processors.
The key changes imposed by the EU GDPR are:
- Fines of up to 4% of annual global turnover or €20,000,000, whichever is greater (Article 83);
- Expanded territorial scope: the Regulation also applies to organizations established outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU (Article 3);
- Mandatory appointment of a Data Protection Officer (DPO) for public authorities and for organizations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data (Article 37);
- Data protection impact assessments (DPIAs) for processing that is likely to result in a high risk to individuals (Article 35);
- Stricter conditions for consent: it must be freely given, specific, informed and unambiguous, and as easy to withdraw as to give (Articles 4 and 7);
- Mandatory breach notification to the supervisory authority within 72 hours of becoming aware of a personal data breach, and to affected data subjects where the breach is likely to result in a high risk to them (Articles 33 and 34);
- Continued restrictions on transfers of personal data to countries outside the EU (Chapter V);
- New and strengthened data subject rights, including the right to erasure and the right to data portability (Articles 17 and 20);
- Data protection by design and by default (Article 25);
- Direct obligations on processors, which can now be held liable alongside controllers (Article 28).
Most companies still need to make changes to fully comply with the regulation.
Our approach to GDPR compliance includes the following steps:
- Conduct a gap analysis to assess current GDPR readiness and identify areas of non-compliance.
- Map where personal data is collected, stored and processed, and how it flows within the organization and to third parties.
- Analyze GDPR-impacted data processing and security policies.
- Develop a pragmatic GDPR action plan, including technical and organizational measures to meet the requirements.
- Assist in the implementation of risk-prioritized remediation to achieve GDPR compliance.