GDPR Compliance

What does it mean for consumers and companies?

GDPR Compliance 2018-07-11T14:39:04+00:00

General Data Protection Regulation

What is the GDPR? What data does it protect?

The General Data Protection Regulation (GDPR) is a new data protection framework that governs how organizations collect, process, and use the personal data of citizens of the 28 member states of the EU. The GDPR took effect in May 2018 and imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to people in the EU, no matter where the organizations are located.

Sensitive Personal Data
The GDPR has heightened requirements for processing highly sensitive personal data, including:

  • Race or ethnicity
  • Political, religious or philosophical beliefs
  • Health information
  • Sexual preferences
  • Trade union membership

Many businesses are required to appoint a Data Protection Officer, including those processing high volumes of personal data.

Penalties for Non-compliance:
Up to 4% of last year’s global sales or €20 million

Privacy Risk Assessment
Processing or storing data with a high risk to the privacy or rights of people in the EU? GDPR requires you to conduct a Data Protection Impact Assessment.

What does this mean for consumers and companies?

Consumer Rights

  • The RIGHT to withdraw consent and have all data removed
  • The RIGHT to correct errors
  • The RIGHT to be notified if data is endangered
  • The RIGHT to request data in a portable format and to transfer data between companies

Company Responsibilities:

  • The RESPONSIBILITY to minimize data collection
  • The RESPONSIBILITY to limit processing to the purpose for which data was collected
  • The RESPONSIBILITY to conduct proactive assessments when processing consumer data
  • The RESPONSIBILITY to record data processing activities and limit who can access consumer data
  • The RESPONSIBILITY to report breaches without undue delay, typically 72 hours
  • The RESPONSIBILITY to be transparent about what personal data they collect and how it is used

How can Peters & Associates help?

We have drawn on our expertise and experience to break the GDPR down into four components, with turnkey solutions in each:

1. Compliance
2. Data Service Requests (DSR)
3. Security
4. Incident Response Plans

For more information on getting started with GDPR compliance, contact a Peters & Associates representative.

Network Security

Protect and safeguard the critical digital assets of your organization from hackers, competitors, and unauthorized employees. Keep your network, customer data and any sensitive information safe. A network security audit now will save potentially millions later, while protecting the health of your organization.
