GDPR readiness, implementation, compliance: Evolving and expanding data privacy protection.
In response to the need for greater data privacy and protection, the European Union (EU) enacted the General Data Protection Regulation (GDPR) to govern the collection, processing, use and storage of personal data relating to any individual in the EU (citizens, residents and visitors) as well as EU citizens living abroad. The regulation applies to all organizations processing and holding the personal data of these individuals, regardless of the organization’s location.
The GDPR will be enforced beginning May 25, 2018. Penalties for noncompliance are significant. Organizations in breach of GDPR can be fined up to 4 percent of annual global revenue or €20 million (whichever is greater).
With the EU’s GDPR enforcement date looming and many organizations only now beginning to determine their level of exposure or liability under the regulation, use this quick assessment to determine your organization’s data footprint and potential impact.
Readiness and gap assessment
- Documentation of current state relative to GDPR requirements
- Assessment of the GDPR regulation’s potential impact on your organization
- Assessment of the processes your organization currently has in place and development of a roadmap for GDPR compliance
Data discovery and impact assessment
- Inventory of data capture, use and purpose
- Inventory of data storage
- Development of process maps and GDPR requirements
Control framework design and deployment
- Design – Assistance with selection of a suitable information security and privacy framework and controls for your organization with regard to its compliance requirements (including GDPR and other applicable regulations)
- Deployment – Implementation of controls, policies and procedures that will allow your organization to achieve and maintain GDPR compliance, while at the same time allowing your organization to continue its work
Monitoring or internal auditing
- Periodic review and validation of organization processes to assess your operations relative to plans and continued compliance with GDPR requirements