The General Data Protection Regulation (GDPR), the new data privacy law in the European Union (EU), is almost upon us. Starting May 25, 2018, GDPR will give individuals in the EU control over their personal data, create uniform data protection rules across the EU member states, and dictate the way organizations approach data privacy. GDPR requires businesses to be able to prove their compliance. The possible fines for non-compliance are up to €20m or 4 percent of global annual sales, whichever is greater.
Does GDPR apply to your business?
GDPR applies to all organizations that conduct business in the EU, as well as any organization that:
- Offers products and/or services to EU residents;
- Monitors the behavior of EU residents; or
- Handles the personal data of an EU resident.
Getting personal with GDPR
Under GDPR, residents of the EU are granted the rights to:
- Be informed about the processing of their personal data: what is collected, where it is stored, and why;
- Access their personal data, correct any inaccuracies, or have it deleted entirely;
- Have their data transferred from one organization to another (data portability); and
- Ask for the processing of their personal data to be postponed or stopped altogether.
Personal data under GDPR includes any information that can directly or indirectly identify an individual. This includes names, email addresses, web identifiers, and even IP addresses and/or device identifiers. GDPR also sets baseline data protection requirements for organizations that handle the personal data of EU residents, including:
- Implementing technical and organizational measures to ensure personal data is protected;
- Maintaining documentation to prove compliance with GDPR;
- Providing timely data breach notifications to the EU supervisory authority and, in some cases, to affected individuals or customers;
- Transferring personal data outside the EU only if the organization receiving the data has adequate safeguards to provide the level of protection afforded to individuals under GDPR; and
- Appointing, for certain categories of organization, a data protection officer to oversee GDPR compliance.
In short, businesses have a lot to consider for their GDPR preparation, and a relatively short time remaining to ensure that they are in compliance with the new regulation.
Code42 is a valuable tool for enabling GDPR compliance. Code42’s feature set already includes tools to help organizations focus on the three critical elements of GDPR compliance: data protection, visibility, and recovery. Looking for more information about how Code42 can help your business prepare for GDPR? We have several resources to help.
Still have questions? Reach out to your Code42 representative. We’ll be happy to help.