The General Data Protection Regulation (GDPR) was passed by the European Union (EU) and applies to any business that handles the personal data of people in the EU, whether or not the business itself is based there. Violations carry expensive fines and penalties.
Who falls under GDPR Regulations?
If you collect data from people in the EU, you could be subject to GDPR controls. Article 3 extends the regulation to organizations outside the EU that offer goods or services to people in the EU or monitor their behaviour, so a company in Texas that serves customers in Europe will most likely have to be GDPR compliant. The same basic standards are expected of everyone who falls under these requirements.
GDPR Compliance Requirements
If you process personal data, you have to do so according to the seven protection and accountability principles set out in Article 5(1) and 5(2): lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. These principles are holistic and apply across your whole business, not just your IT department.
Accountability for GDPR controls
Under Article 5(2), data controllers must be able to demonstrate that they are GDPR compliant. This isn't something you can do after the fact: if you think you are compliant with GDPR but can't show how, then you're not GDPR compliant. Among the ways you can demonstrate it:
- Assign data protection responsibilities to named members of your team.
- Maintain detailed records of the data you're collecting, why it's processed, how it's used, where it's stored, who it's shared with, how long it's kept and which employee is responsible for it (Article 30 requires such a record of processing activities).
- Train your staff and implement technical and organizational security measures appropriate to the risk (Article 32).
- Have Data Processing Agreements (Article 28) in place with third parties you contract to process data for you.
- Appoint a Data Protection Officer where Article 37 requires one (not every organization needs to).
Are you struggling to meet the accountability expectations of GDPR? CyberCompass not only gets you compliant quickly but also provides all the documentation you need in the event of an audit. We cover your entire business ecosystem: your people, processes, technology and vendors.
- A certified CyberCompass commander guides you through a risk assessment
- Network scans and penetration testing pinpoint vulnerabilities
- A prioritized risk report gives you the knowledge and power to manage your risk
- Corrective actions taken to reduce vulnerabilities are documented
- Audit-ready reports are generated with a single click
- Cybersecurity awareness training is included through CyberCompass Academy
- A full suite of policies and procedures meets GDPR requirements
- Vendor management and tracking help protect customer data