What is the GDPR? What data does it protect?
The General Data Protection Regulation (GDPR) is the EU's data protection framework. It governs how organizations collect, process, and use the personal data of individuals in the EU member states. The GDPR took effect on 25 May 2018 and applies to organizations established in the European Union (EU) as well as to organizations outside the EU that offer goods or services to people in the EU, or that monitor the behaviour of people in the EU (for example by collecting and analyzing data about them), no matter where those organizations are located.
Sensitive Personal Data
The GDPR imposes heightened requirements on processing "special categories" of personal data, including:
- Racial or ethnic origin
- Political opinions and religious or philosophical beliefs
- Trade union membership
- Genetic data and biometric data used to uniquely identify a person
- Health information
- Sex life or sexual orientation
Many organizations are required to appoint a Data Protection Officer (DPO), including public authorities and organizations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of sensitive personal data.
Penalties for Non-compliance:
Up to €20 million or 4% of the previous financial year's total worldwide annual turnover, whichever is higher
Privacy Risk Assessment
Is your processing likely to result in a high risk to the privacy or rights of people in the EU (for example, large-scale processing of sensitive data or systematic monitoring of individuals)? The GDPR then requires you to conduct a Data Protection Impact Assessment (DPIA) before that processing begins.
What does this mean for consumers and companies?
- The RIGHT to withdraw consent and, subject to limited exceptions, to have their personal data erased
- The RIGHT to have inaccurate data corrected
- The RIGHT to be notified of a data breach that is likely to put their rights and freedoms at high risk
- The RIGHT to request data in a portable format and to transfer data between companies
- The RESPONSIBILITY to minimize data collection
- The RESPONSIBILITY to limit processing to the purpose for which data was collected
- The RESPONSIBILITY to conduct proactive assessments when processing consumer data
- The RESPONSIBILITY to record data processing activities and limit who can access consumer data
- The RESPONSIBILITY to report breaches to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of them
- The RESPONSIBILITY to be transparent about what personal data they collect and how it is used
Drawing on our expertise and experience, we have broken the GDPR down into four components, with a turnkey solution for each:
2. Data Subject Requests (DSR)
4. Incident Response Plans
For more information to get started with GDPR Compliance, contact a Peters & Associates representative:
Offload your IT management to industry experts to keep your business technology secure and optimized so your teams can get back to business initiatives. Contact one of our IT consultants in Chicago to find out which secure, scalable, and optimized solutions are right for you.