The GDPR comes into effect in less than 75 days, and with fines of up to 4% of your total revenue per infraction, it’s critical to understand your company’s exposure.
With the intent of making businesses more accountable for breaches and loss of data, this legislation is being taken very seriously, and organizations are likely to face assessments to ensure their policies are in line with the rules.
With the May 25 deadline looming, many organizations are still trying to decode what the regulation entails and what it means for their business. And it isn’t for the faint of heart, it includes understanding how you currently handle data and the range of IT security measures you have in place.
Article 17 has drawn a lot of attention (and is causing just as much angst), as it gives customers the right to ask businesses to erase their personal data. Fulfilling this request requires a detailed understanding of what types of data you currently collect from your customers and clients, and where you store this data. To date, Google has received 2.4 million “right to be forgotten” requests, with 85% of those requests from private individuals. While you are likely not the size and scope of Google, all businesses need to prepare to execute these requests and have an audit trail to demonstrate compliance.
DataEndure is helping clients prepare for GDPR by understanding which articles of GDPR matter to their company and creating an actionable list to move forward with. We have created an easy-to-use template for organizations to use to keep track of data processing and stay compliant.