The GDPR enforcement date (25 May 2018) is approaching. Before then, every organization that offers goods or services to, or monitors the behaviour of, individuals in the EU must comply with it, regardless of where the organization is established.
Non-compliance can cost an organization administrative fines of up to €20 million or 4% of its annual global turnover, whichever is higher.
GDPR’s scope and requirements are deep and complex, so prepare now to ensure compliance. The regulation requires a programmatic approach to data protection, in the same way that SOX does for financial reporting and ISO 27001 or PCI DSS do for security, so you will need a defensible compliance program and the evidence to prove you are acting appropriately. Ask your organization these questions:
- What is our data footprint in the European Union (e.g., data about employees, consumers and clients)?
- Are we prepared to provide evidence of GDPR compliance to EU supervisory authorities (and any other regulator with jurisdiction over us), who may request it on demand?
- Do we have visibility of and control over what personal data we collect? How do we use it? With whom do we share it?
- Do we have a privacy-by-design program, with Privacy Impact Assessments (PIAs), documentation and escalation paths?
- Do we have a tested breach-response plan that meets GDPR’s requirement to notify the supervisory authority within 72 hours of becoming aware of a personal data breach?
- Have we defined a roadmap for GDPR compliance?
- Have we appointed a Data Protection Officer (DPO) where GDPR requires one (for example, public authorities and organizations whose core activities involve large-scale monitoring or large-scale processing of special categories of data)?
- Have we adopted a cross-border data transfer strategy?
GDPR program implementation areas
Strategy and governance
Define an overarching privacy program governance structure, roles and responsibilities designed to coordinate, operate and maintain the program on an ongoing basis.
Policy management
Privacy policies, notices, procedures and guidelines are formally documented and kept consistent with applicable laws and regulations.
Cross-border data transfer
Determine a cross-border data transfer strategy (for example, adequacy decisions or appropriate safeguards such as standard contractual clauses) based on current and planned data collection, use and sharing.
Data life-cycle management
Create ongoing mechanisms to identify new personal data processing and use activities, and implement appropriate checkpoints and controls.
Individual rights processing
Enable the effective processing of consent and of data subject requests, such as access, rectification, erasure, portability and objection, within the statutory response time.
Privacy by design
Develop a strategy and playbook for “privacy by design” to incorporate privacy controls and impact assessments throughout the data life-cycle for new and changing data use initiatives.
Information security
Identify existing information security controls and align security practices with GDPR’s requirements for appropriate technical and organizational measures (such as pseudonymization, encryption and access control).
Privacy incident management
Align incident response processes with GDPR’s breach definitions and reporting requirements. Establish a triage approach for evaluating potential privacy incidents and deciding whether they are notifiable breaches.
Data processor accountability
Establish privacy requirements for third-party processors, including written processing agreements, to mitigate the risks associated with their access to the organization’s personal data.
Training and awareness
Define and implement a training and awareness strategy at the enterprise and individual level.
We at Aristi can help you comply with the GDPR. Our team of industry-certified, experienced data privacy and cyber security professionals can help you implement a GDPR compliance program in your organization.