How is your organization preparing for GDPR? 79% of companies have no plan for GDPR. With noncompliance penalties of up to 4% of annual revenue, you cannot afford to treat privacy as an afterthought. The reality is that half of all organizations will not be GDPR-compliant by the end of 2018. The regulation contains roughly 160 requirements, so we have consolidated the key information into a bite-size summary.
GDPR, What is it?
The General Data Protection Regulation (GDPR) was adopted by the European Parliament and the Council of the European Union on a proposal from the European Commission, and applies in full from May 25, 2018. Its goal is to strengthen, enforce, and consolidate data protection law for people in the EU and to regulate the transfer of personal data within and outside the EU. It governs the collection, retention, deletion, breach, and disclosure of personal data.
Quite simply: organizations must now guarantee the privacy, confidentiality, and control over personal data of everyone in the EU, not only EU citizens.
In a nutshell, GDPR will...
- expand and strengthen data privacy rights
- fine any company doing business in Europe up to 4% of worldwide annual turnover or €20 million, whichever is greater, for noncompliance
- require that, where processing relies on consent, the data subject has given clear, affirmative opt-in consent before their data is used or shared (explicit consent for special categories such as health data)
- require organizations to honour an individual's right to erasure (the "right to be forgotten")
- require that the supervisory authority is notified of a personal data breach within 72 hours of the organization becoming aware of it, and that affected individuals are informed without undue delay when the breach is likely to put them at high risk
- enable individuals in the EU to:
  - achieve resolution through redress or compensation for privacy right violations within 45 days
  - have complaints addressed and remedied, with the option of arbitration if they are not
Why does GDPR exist?
To support European citizens' right to control their personal data and to limit non-consensual sharing of information. Under GDPR, more rigorous security measures will protect the confidentiality, integrity, and availability of personal information. GDPR is not industry-specific: it applies to all commercial and professional activities of controllers and processors of personal data.
Who is responsible to comply with GDPR?
Every organization established in the EU, and any organization outside the EU that offers goods or services to people in the EU (paid or free) or monitors their behaviour. This covers processing the personal data of anyone in the EU, not only EU citizens. For transatlantic transfers, the U.S. Department of Commerce and the European Commission developed the EU-US Privacy Shield Framework, which replaced the Safe Harbor framework after Safe Harbor was invalidated by the Court of Justice of the EU in 2015.
Why you should be worried...
Personally identifiable information (PII) and business-critical files are usually unmanaged, unclassified, and dispersed across file shares, user desktops, siloed legacy repositories, and email. Most of these documents are unknown to the organization, and the time needed to sort, classify, clean, and migrate this data is a daunting hurdle.
In the ever-growing world of big data, IoT devices, and data crawlers, large enterprises will find it difficult to regulate permissible collection techniques and manage their scattered data. If handling current data is a struggle, controlling the influx of future data will be impossible, and you will be hit with a large GDPR penalty.
Most companies will adopt anonymization and pseudonymization strategies to meet GDPR standards, but there is a catch-22. Anonymized data falls outside GDPR only if individuals can no longer be identified by any means reasonably likely to be used; pseudonymized data is still personal data, because the pseudonym can be reversed with additional information. When the two techniques are used carelessly together, it is reasonably likely that the organization, or anyone who obtains the data, can re-identify individuals by cross-referencing the remaining attributes (ZIP code, gender, date of birth and the like) against its other data collections, and now you have been hit with your second GDPR penalty.
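The re-identification risk described above can be measured before data is released. The following is an added example, not code from the original page or from Shinydocs: it joins a "pseudonymized" health extract to a second collection that still carries names (here an assumed CRM export), using only the quasi-identifiers ZIP code, sex and date of birth, and it computes the k-anonymity of the extract. All records, and the names HEALTH_EXTRACT, CRM_EXPORT, k_anonymity, link_records, exact_key and generalised_key, are constructed for the example and are not real people or real systems.

```python
"""Linkage (re-identification) attack and k-anonymity check.

Added example, not from the original page. Every record below is
constructed sample data, not a real person.
"""
from collections import defaultdict

# Attributes that are not identifiers on their own but become one in combination.
QUASI_IDENTIFIERS = ("zip", "sex", "dob")

# Constructed: a "pseudonymised" dataset. Names were replaced by a pseudonym,
# but the quasi-identifiers were left at full precision.
HEALTH_EXTRACT = [
    {"pseudonym": "p-001", "zip": "02138", "sex": "F", "dob": "1961-07-15", "diagnosis": "hypertension"},
    {"pseudonym": "p-002", "zip": "02138", "sex": "M", "dob": "1984-03-02", "diagnosis": "asthma"},
    {"pseudonym": "p-003", "zip": "02139", "sex": "F", "dob": "1990-11-30", "diagnosis": "diabetes"},
    {"pseudonym": "p-004", "zip": "02139", "sex": "F", "dob": "1990-11-30", "diagnosis": "migraine"},
    {"pseudonym": "p-005", "zip": "02140", "sex": "M", "dob": "1975-01-09", "diagnosis": "back pain"},
    {"pseudonym": "p-006", "zip": "02141", "sex": "F", "dob": "1961-02-28", "diagnosis": "anaemia"},
    {"pseudonym": "p-007", "zip": "02139", "sex": "M", "dob": "1984-12-01", "diagnosis": "eczema"},
    {"pseudonym": "p-008", "zip": "02141", "sex": "M", "dob": "1975-06-21", "diagnosis": "gout"},
]

# Constructed: a second collection held by the same organisation (an assumed
# CRM export) that keeps names alongside the same quasi-identifiers.
CRM_EXPORT = [
    {"name": "Alice Example", "zip": "02138", "sex": "F", "dob": "1961-07-15"},
    {"name": "Bob Example",   "zip": "02138", "sex": "M", "dob": "1984-03-02"},
    {"name": "Carol Example", "zip": "02139", "sex": "F", "dob": "1990-11-30"},
    {"name": "Dana Example",  "zip": "02139", "sex": "F", "dob": "1990-11-30"},
    {"name": "Evan Example",  "zip": "02140", "sex": "M", "dob": "1975-01-09"},
    {"name": "Frank Example", "zip": "02140", "sex": "M", "dob": "1975-01-09"},
    {"name": "Grace Example", "zip": "02141", "sex": "F", "dob": "1959-05-20"},
    {"name": "Hana Example",  "zip": "02141", "sex": "F", "dob": "1961-02-28"},
]


def exact_key(row):
    """Quasi-identifier tuple at full precision (5-digit ZIP, full DOB)."""
    return tuple(row[field] for field in QUASI_IDENTIFIERS)


def generalised_key(row):
    """Coarsened quasi-identifiers: 3-digit ZIP prefix and birth year only."""
    return (row["zip"][:3], row["sex"], row["dob"][:4])


def k_anonymity(rows, key_fn):
    """Size of the smallest equivalence class of quasi-identifier values.

    k == 1 means at least one record is unique on its quasi-identifiers and
    can be singled out by anyone holding a table with the same attributes.
    """
    counts = defaultdict(int)
    for row in rows:
        counts[key_fn(row)] += 1
    return min(counts.values())


def link_records(release, population, key_fn):
    """Join the pseudonymised release to a named table on quasi-identifiers.

    A pseudonym counts as re-identified only when its quasi-identifier class
    holds exactly one released record and exactly one named person; with two
    candidates on either side the attacker cannot tell which diagnosis belongs
    to whom. Returns {pseudonym: name}.
    """
    released = defaultdict(list)
    named = defaultdict(list)
    for row in release:
        released[key_fn(row)].append(row)
    for row in population:
        named[key_fn(row)].append(row)

    reidentified = {}
    for key, records in released.items():
        people = named.get(key, [])
        if len(records) == 1 and len(people) == 1:
            reidentified[records[0]["pseudonym"]] = people[0]["name"]
    return reidentified


if __name__ == "__main__":
    for label, key_fn in (("full precision", exact_key), ("generalised", generalised_key)):
        k = k_anonymity(HEALTH_EXTRACT, key_fn)
        hits = link_records(HEALTH_EXTRACT, CRM_EXPORT, key_fn)
        print(f"{label}: k={k}, re-identified={hits}")
```

With the quasi-identifiers at full precision the extract is only 1-anonymous and three pseudonyms map straight back to names, even though no name appears in the extract; that is the situation the text calls pseudonymization, and the data is still personal data. Generalising ZIP to three digits and date of birth to birth year raises k to 2 and removes every one-to-one link. A real release needs the check run against every table the organisation (or a plausible attacker) could join on, not just one, and k-anonymity alone says nothing about sensitive attributes shared by a whole class (both members of a class having the same diagnosis, for instance).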
The first step to becoming GDPR-compliant is understanding what data you have and where it lives, then automating future document workflows so that every business process is compliant.
Automate compliance workflows to embed data privacy best practices and mitigate the risk of human error. Standardize data practices for your jurisdiction with Shinydocs' A.I.-powered Cognitive Analysis. Make informed decisions about your information according to its risk and value. The solution can be adopted right now across all your distributed repositories so you are ready when GDPR arrives in 2018. Declining even to consider adoption is not worth a potential 4% revenue loss. We guarantee that our solutions will satisfy your compliance needs.
Did You Know...
The average cost of a data breach in 2016 was pegged at $4 million, up 29% since 2013 - Fortune, citing the 2016 IBM/Ponemon Cost of a Data Breach study.
The 2016 Telstra Cyber Security Report states that nearly 60% of organizations surveyed lack sufficient cyber security and privacy staff to meet growing legal-compliance demands and to support robust information security practices.
The digital economy is estimated to add $1.3 trillion to global GDP.
It is possible to uniquely identify 87 percent of the U.S. population from just three data points: five-digit ZIP code, gender, and date of birth (Latanya Sweeney's 2000 study of U.S. census data).
49% of Americans feel that their personal information is less secure now than 5 years ago.
A majority of Americans (64%) have personally experienced a major data breach.
91% of Americans feel that they lost control over the collection, use and disposition of their personal information.
Want to learn more about GDPR? The FAQ section on GDPR’s website is a great resource.