Organisations doing business in Europe see six key areas of GDPR that are having the greatest impact on their business:
Requirement for a comprehensive data inventory and record keeping of all data processing activities – Article 30.
Boards must be able to demonstrate how they have integrated Accountability and Governance from the top down through the organisation.
Mandatory data-breach notification within 72 hours to regulators and individuals – Article 33.
Managing Individual's Rights
Eight defined individual rights: to be informed of processing, to access data, to correct mistakes, to transfer data, to erase data, to object to processing, to restrict processing, and to intervene in automated decisions made when processing data.
Data Protection Impact Assessments
Use of data-protection impact assessments (DPIA) for certain processing activities – Article 35.
Data Protection Officers as a requirement for certain organisations – Article 37.
Watch UKGDPR on InsureTV: Compliance and Security Debate
Questions to Consider
1. Can we show how we have implemented the Accountability principle from the top down?
2. What is our data footprint across the enterprise, including employee, customer and partner data?
3. Can we evidence GDPR compliance to regulators upon request?
4. Do we have visibility of, and control over, what personal data we collect and the data flows across the enterprise?
5. Have we implemented a Privacy by Design programme, and integrated Data Protection Impact Assessments into Standard Operating Procedures?
6. Do we have an Incident Response plan and breach-notification process that meets the GDPR's 72-hour notification requirement? Has this been tested through a workshop exercise?
7. Do we have a defined, ongoing training plan?
8. Have we appointed a Data Protection Officer (DPO) if required?
9. Have we adopted a cross-border data transfer strategy?
We're a group of privacy and security consultants with experienced GDPR practitioners and Data Protection Officers. We look forward to helping you align your company goals with appropriate and adequate organisational and technical measures.