The General Data Protection Regulation (GDPR) is one of the most important developments in data protection in recent years. It was passed into European Union (EU) law on 28th April 2016 and will become enforceable on 25th May 2018. In summary, the GDPR defines controls around how organizations store and process the personal data of EU residents, irrespective of where the organization is based, owned, or operating. Note that the scope is EU residents, not citizens. Further, an EU resident traveling in the US and doing business in the US, e.g. purchasing something at a brick-and-mortar retail store, does not make that store subject to GDPR. That same person purchasing something from the same store, BUT while the person is in the EU and the purchase is made over the internet, DOES make the store subject to GDPR; at least that is the position of the EU regulators, although it has not yet been tested in court.
Anyone storing or processing the personal data of an EU resident must comply with the GDPR or face significant fines in the event of an audit or data breach. Those fines can be up to 4% of the organization's global turnover or €10m, whichever is greater. With this level of impact, it is vital that all organizations understand their obligations under the GDPR and take appropriate measures to ensure they are compliant, demonstrating that the proper controls are in place to protect information.
GDPR was designed to simplify the existing requirements rather than introduce a massive new burden on organizations. In fact, GDPR consolidates the 28 distinct national implementations of the previous Data Protection Directive (95/46/EC) into one regulation, giving consistency, standardized version control, and uniform reporting.
CTI Global can be engaged to complete a GDPR Gap Analysis and Compliance Remediation Plan.
CTI Global will: