The General Data Protection Regulation (GDPR) came into effect on 25th May 2018, and applies to all organisations that process the data of European citizens.
Under the GDPR, data subjects will have enhanced rights whilst data controllers and processors will have additional obligations. Businesses that fail to comply with the regulation can face fines of up to €20 million or 4% of global annual turnover – whichever is greater.
The primary objective of GDPR is to hand back control of personal data to the citizens, and to unify the European regulatory environment.
What does GDPR mean for Businesses?
It is clear that the GDPR calls for additional compliance efforts, including both technological and organisational measures. This is where we are able to help businesses: our GDPR services include multiple options that will help you to enhance your practices following the deadline.
Potential challenges include:
- The GDPR is a large body of legislation that has business-wide implications
- People, Process and Technology all feature in preparation for compliance
- As this is new legislation, no standards exist to demonstrate compliance
- Access to technical expertise and financial resource
- The size, type and structure of the organisation means no “off the shelf” solution
- Complexity and diversity of information usage within the organisation
Whilst no single activity or technology will make a business GDPR ready, a series of activities such as documentation, accountability and training will set a business on the right path.
GDPR Compliance Program
Our team of experts, accredited by IT Governance in GDPR, is able to conduct a GDPR compliance program.
This service includes everything from gap assessments to consultancy and recommendations. For further information about the program, prices and how it could work for your business, simply contact us.