GDPR

GDPR enforcement goes into effect in May 2018. Are you ready? Most organizations currently aren’t.

Get prepared and plan ahead to protect your sensitive data against targeted attacks and breaches while ensuring data privacy – or take the risk and pay the price!

Overview

The General Data Protection Regulation (GDPR) (Regulation EU 2016/679) was adopted by the European Council and the European Commission on April 27th, 2016 and will be going into full effect on May 25th, 2018. The intended purpose of the Regulation is to strengthen and unify data protection for all individuals within the European Union (EU) while giving them better control over their personal data.

Mandatory for all EU Member States regardless of national legislation, the GDPR binds public and private organizations, significantly increasing their compliance obligations with respect to privacy. Non-compliance is punishable with punitive fines high enough to bring this matter to the top of the corporate agenda.

Where it Applies

GDPR applies to any organization of any size, even if it is located outside of the EU, as long as it collects, stores and/or processes personal data of EU citizens.

GDPR Requirements

With new obligations on data subject consent, data anonymization and transparency, privacy by design and by default, the GDPR requires organizations which process EU citizens’ data to undertake major operational reforms regarding several factors:

[Figure: GDPR graph]

Penalties

The GDPR makes security an absolute requirement for organizations of any size processing EU citizens’ data. Serious infringements will be penalized with fines of up to either €20 million or 4% of total annual worldwide turnover, whichever is higher. Fines are determined by the nature and severity of the infringement.

Challenges

  • The precise knowledge of what data is collected, where it is stored, and why it is processed
  • Careful assessment of data collected to ensure appropriate processing e.g. pseudonymization (masking)
  • Defining and segregating business needs to ensure that required consent is appropriately collected
  • Taking cost-effective measures to reduce the risk of GDPR violations without jeopardizing operational priorities
  • Implementation of a Data Protection Framework within the organization which enforces appropriate governance, and facilitates the identification and implementation of privacy by design and by default opportunities

What we can do for you

We are proud of our uniquely qualified blend of compliance professionals, data protection experts, and information security specialists whose collective knowledge, experience and expertise can address both the legal/compliance aspect and the technical challenges of the GDPR enforcement. By employing a holistic approach and utilizing ground experience in all major industries, we can help you address the challenges that the GDPR presents. The GDPR Readiness Assessment is a high-level evaluation of your organization’s readiness to meet mandatory compliance requirements with the GDPR. Odyssey™, with its cumulative know-how and expertise, can provide such an assessment upon request.