EU General Data Protection Regulation Compliance

GDPR Compliance

A Practical Approach to General Data Protection Regulation Compliance

The EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) replaces the 1995 EU Data Protection Directive. It entered into force on May 24, 2016, and applies from May 25, 2018. While it is the law in all 28 European Union member states, its reach is global: it applies to any organization, wherever it is established, that stores or processes the personal data of individuals in the EU.

The regulation strengthens individuals' privacy rights with respect to their personal data. If your company stores or processes personal data of individuals in the EU, it is subject to the GDPR and its obligations. The most serious infringements carry administrative fines of up to €20,000,000 or 4% of total worldwide annual turnover, whichever is higher.

What does it mean to your company?

A business that serves EU clients must comply with the General Data Protection Regulation. Specifically, a company that stores or processes personal data must:

  • Obtain clear, unambiguous consent (or establish another lawful basis for processing)
  • Obtain parental consent if the data subject is under 16 years of age (member states may lower this threshold to 13)
  • Provide a copy of an individual's personal data when requested (right of access)
  • Erase an individual's personal data when requested, unless an exception applies (right to erasure)
  • Implement "appropriate" technical and organizational security and privacy controls
  • Perform Data Protection Impact Assessments (DPIAs) for high-risk processing
  • Notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it
  • Appoint a Data Protection Officer (for large-scale data processing)

GDPR Readiness

  1. Identify Key Data Assets
  2. Perform a Complete Risk Assessment
  3. Develop and Implement Policies & Procedures
  4. Deliver Data Security Awareness Training
  5. Monitor Progress and Respond in a Timely Manner

Allow us to Work with your Business

We make it easy for your company to understand the requirements and become compliant, using the practical, five-step approach above. Call us today to schedule a consultation and achieve compliance fast.