6 steps for GDPR compliance

GDPR applies to every company that collects and processes personal data belonging to people in the European Union (EU), wherever the company itself is based. You have every reason to take it seriously, because failure to comply will be costly.

The General Data Protection Regulation (GDPR) is in the news these days, and for good reason. This sweeping new law applies to all companies that collect and process personal data belonging to individuals in the European Union (EU), even when the processing takes place outside the EU. That includes companies with operations in the EU and companies whose web site or app collects and processes the data of people in the EU.

Key areas of the legislation cover privacy rights, data security, data control, and governance. The good news is that, as a regulation rather than a directive, the law applies in essentially the same form in all 28 EU member states, so companies only have to comply with one standard. However, the bar is set high and wide, forcing most companies to invest considerable resources in becoming compliant.

Failure to comply with GDPR could result in a hefty fine. For the most serious infringements, including a breach that compromises the personal data of people in the EU, the penalty can be up to 20 million euros or four percent of the enterprise’s total worldwide annual turnover for the preceding financial year, whichever is larger. Putting that in perspective: a large enterprise could be fined hundreds of millions of euros for a single breach.

In addition, two pain points are conspicuous: a requirement to notify the relevant EU supervisory authority within 72 hours of becoming aware of a personal data breach, and another to demonstrate that your company’s technical and organizational security measures are appropriate, taking into account the state of the art.

What’s mandated by GDPR

Since not all of the GDPR requirements have been finalized, some organizations have adopted a ‘wait-and-see’ approach. Let’s consider the new obligations being introduced by this regulation:
