GDPR Controls

General Data Protection Regulation (GDPR) was passed by the European Union (EU) and impacts all businesses who handle personal information for any EU citizen. These regulations come with expensive fines and penalties.

Who falls under GDPR Regulations?

If you collect data from a European resident, you could be subject to GDPR controls.  This means if you are a company in Texas and you serve customers in Europe, you will most likely have to be GDPR compliant.  Click here to read more about who has to follow GDPR outside of Europe. Basic standards are expected for everyone who falls under these requirements.

GDPR Compliance Requirements

If you process data, you have to do so according to seven protection and accountability principles outlined in Article 5.1-2 – these are holistic and apply across your business; not just your IT department.

Our holistic approach covers these areas and more. Whether you need full coverage or to fill in your gaps, we have products to meet your needs.

Accountability for GDPR controls

The GDPR says data controllers have to be able to demonstrate they are GDPR compliant. This isn’t something you can do after the fact: If you think you are compliant with GDPR but can’t show how, then you’re not GDPR compliant. Among the ways you can do this:

• Designate data protection responsibilities to your team.
• Maintain detailed documentation of the data you’re collecting, how it’s used, where it’s stored, which employee is responsible for it, etc.
• Train your staff and implement technical and organizational security measures.
• Have Data Processing Agreement contracts in place with third parties you contract to process data for you.
• Appoint a Data Protection Officer (though not all organizations need one — more on that in this article).