The Team at CallMiner
April 05, 2018
Have you heard about the General Data Protection Regulation (GDPR)? If so, you’ve probably realized that it is not just one of many other data protection frameworks or requirements. GDPR is considered to be one of the most significant information security and privacy laws of our time and is the top regulatory focus of 2018, even among US companies. With the May 25, 2018 deadline for GDPR compliance creeping closer, it’s important to understand if or how this new legislation is going to affect your business and ask yourself: are you ready for GDPR?
What is the Purpose of GDPR?
The concept of people owning their personal data and having data rights was a focus of the 1995 European Union Data Protection Directive (DPD), which was created to make the processing of personal data fair and lawful. The DPD set a minimum standard for data protection laws among EU Member States, but the Directive needed updating because technology, information security threats, and the way we share data have changed dramatically in 20 years.
Born out of cybercrime threats, technology advances, and concerns about data misuse, the EU’s GDPR will require data controllers and data processors (the organizations that handle the personal data of EU residents) to “implement appropriate technical and organizational measures…to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.” GDPR applies to any entity performing activities such as collecting, using, storing, disclosing, or combining the personal data of any data subject in the EU. What is personal data, according to GDPR? Personal data is defined as any information relating to an identified or identifiable person (the data subject), who can be identified by a name, an ID number, location data, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
GDPR doesn’t just apply to organizations physically located in the EU, but also to any organization in the world providing services to data subjects within the EU. The cost of non-compliance greatly exceeds the cost of compliance. GDPR is enforceable and is equivalent to a US Federal Law, and failure to comply with GDPR can lead to fines of up to €20 million or 4% of annual global turnover, whichever is greater.
What are the Roles involved with GDPR?
GDPR requirements depend on which of several data processing roles an organization performs, so determining what role your organization plays sets the groundwork for determining which GDPR requirements apply to you. Is your organization one of the following?
There are two other important roles set forth in GDPR:
Because GDPR only becomes enforceable on May 25, 2018, Supervisory Authorities have not yet issued any enforcement actions that would give us case studies or clarify compliance requirements. In this pre-enforcement phase, it’s crucial to monitor regulatory developments as they come out. If you haven’t begun preparing for GDPR compliance, you should start now. In a highly data-driven world, it’s our responsibility to help protect organizations from data and privacy breaches.
Originally from KirkpatrickPrice.
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, FISMA, and CFPB frameworks. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on Twitter (@KPAudit), or connect with KirkpatrickPrice on LinkedIn.