EU GDPR is looming, and will affect millions of businesses.
Are you ready for the General Data Protection Regulation?
360 Advanced can get you there
The European Union’s General Data Protection Regulation (GDPR) is among the most comprehensive pieces of personal data protection legislation enacted in the past 25 years.
Here are some key facts you should know:
- Any U.S.-based business that engages the European market through the offering of goods, services or data profiling will need to adhere to this new set of rules or potentially face substantial fines of up to four percent of the business entity's annual gross revenue.
- It was implemented to enhance the personal information rights of all individuals residing in the EU. It is extraterritorial; that is, its enforcement reach extends globally.
- Designed to simplify a previously fragmented EU regulatory environment, it will give individuals greater rights and control over their personally identifiable information (PII) by way of consent as well as the power to access, rectify or erase information held.
- GDPR can have a significant impact on your business, potentially requiring you to update privacy policies, implement and strengthen data protection controls and breach notification procedures, deploy highly transparent policies, and further invest in IT and training.
Here are recommended next steps from 360 Advanced to get you started towards GDPR compliance.
- Internal committee formed and lead assigned – The first step towards GDPR compliance is understanding your obligations and then obtaining executive signoff and commitment. The lead and appointed team (the lead should likely be identified as the Data Protection Officer) complete a detailed and thorough review of the law as well as any applicable training that is available. NOTE – consulting legal counsel should also be considered to determine applicability. A determination whether to move forward with the program is made by the committee in consultation with executive management.
- Internal analysis and creation of the GDPR framework / program – NOTE – a consultant may be deemed appropriate to assist in developing the program. During this phase, GDPR-related data must be identified and mapped so the organization understands what data is being held or processed and where this data resides (all systems as well as third-party providers). This means all personal data, including that of employees and volunteers, service users, members, donors and supporters and more. Once data has been identified, determine if processing is fair, lawful and allowed, delete unwanted data, complete a risk assessment and a data impact assessment, and determine how your organization will respond to data subject requests.
- Readiness Review (completed by 360 Advanced) – The 360 Advanced team will spend time onsite with key stakeholders to review the GDPR program and the work that has been completed to date to ensure agreement on the scope and applicable requirements / state of readiness to demonstrate through testing that applicable articles / requirements are being met. 360 Advanced will discuss what is in place and what is absent to determine if the spirit of the applicable requirements is being met. As a result of this phase, your organization will have a detailed inventory of findings / gaps so that your organization is prepared to conduct remediation procedures to prepare for a final assessment.
- GDPR Assessment (completed by 360 Advanced) – 360 Advanced performs an assessment of the GDPR program by reviewing and documenting controls / practices in place, including testing of these controls and practices to demonstrate what is in place to meet GDPR. This phase ultimately concludes in a third-party report that can be provided to clients as well as prospects describing your GDPR program.
Should you have any specific questions on GDPR, please contact Eric Ratcliffe (email@example.com) from the 360 Advanced Client Development and Service Team. The effects of GDPR will differ from business to business, and 360 Advanced can of course provide you with tailored insights and solutions.