Are you ready for GDPR? Penalties, that is. The General Data Protection Regulation (GDPR) from the European Union (EU) has been announced since early 2016 and is required for ANY company that sells to or monitors European citizens.
GDPR is an international law that has already been enacted. It is intended to clarify and strengthen prior privacy laws, and it is extremely encompassing and global in nature. It enforces that data is used in a lawful, fair and purposeful manner. It requires companies that use personal data to do so in a minimalistic fashion and to ensure the data is accurate, protected, and durable. Responsibility for compliance focuses on the use, or processing, of the data. The scope drives responsibility from the controller of the system down to the potentially multiple processors and sub-processors, making the law thorough and inescapable for most businesses.
This law requires that EU citizens be given certain rights when they use software systems. These basic privacy rights are:
- Right of Access
- Right of Rectification
- Right of Erasure
- Right of Restricted Processing
- Right of 3rd-Party Notification
- Right of Data Portability
- Right to Object
Any company that is found to be in breach of these new requirements will be subject to a €20 Million or 4% of revenue penalty, whichever is greater. Companies that have only started their analysis or are only partway through their implementation may face a €10 Million or 2% of revenue penalty. This law poses significant risk for smaller businesses that are not in compliance or are only partially compliant.
There is no doubt that GDPR is the biggest change in recent privacy law. Taking a risk-based approach to your implementation will be important. Your implementation could be large, take years and cost millions, or it could be as simple as documentation, change of process and some new technology.
Links to the specifics of this new regulation can be found on our site at https://www.americancsm.com/frameworks/gdpr/ and on the EU’s official website: http://www.eugdpr.org/
If you are unsure if GDPR applies to you, or wish to investigate with an assessment, please contact us at American Cyber Security Management today.
*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by seasoned experts. Our Privacy specialist can help you make sense of and comply with GDPR.