GDPR Is Now In Effect.
How Will It Impact Your Organization?
To begin with, what exactly is GDPR? GDPR stands for General Data Protection Regulation, a European Union law enacted to protect the personal data of individuals in the EU. It was adopted by the EU Parliament in April 2016 and became enforceable on May 25, 2018. Organizations that are not GDPR compliant after that date can be subject to fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher.
We Are U.S. Based, So How Does This Impact Us?
GDPR applies to any organization, regardless of size or location, that processes or stores the personal data of individuals located in the EU. It is also important to point out that GDPR obligations apply to both data controllers (the organizations that decide why and how data is processed) and data processors (the organizations that process it on their behalf), so cloud-based companies and SaaS providers are not exempt from enforcement or fines.
What Is Considered “Personal Data” Under GDPR?
Under GDPR, personal data is any information relating to an identified or identifiable natural person, the “Data Subject.” This includes names, postal addresses, photos, email addresses, financial information, social media posts, health-related details, and online identifiers such as IP addresses.
What Do We Need To Do To Comply With GDPR?
Your organization’s GDPR obligations depend on the type of business you conduct and how you use the personal data of individuals in the EU. GDPR may require you to update your privacy policies, review and update data processing agreements with customers and vendors, update data breach notification policies and procedures (the regulation requires notifying the supervisory authority within 72 hours of becoming aware of a breach), maintain a record of data processing activities, and possibly appoint a Data Protection Officer to provide oversight.
Let Us Help!
Our Risk Assurance Team is here to help guide you through the process of understanding GDPR and how to comply with the regulation based on your specific GDPR risk footprint.