- June 3, 2018
- Posted by: Ron Frechette
- Category: Blog
On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect as the primary law regulating how companies protect EU citizens’ personal data. In addition to EU members, it is important to note that ANY company that markets goods or services to EU residents, REGARDLESS of its location, is subject to the regulation. As a result, GDPR will have an impact on data requirements in the United States.
All organizations, including small to medium-sized companies and large enterprises, must be aware of all GDPR requirements and be prepared to comply by May 2018. GoldSky security assessors can assist in the process of achieving GDPR compliance.
The GoldSky Compliance Gap Assessment will focus on the specific requirements of the EU-US Privacy Shield and GDPR Security Requirements. This will include:
- Interviews with key personnel in core functional areas and information technology;
- Review of documentation to support EU-US Privacy Shield and GDPR compliance;
- Testing of identified EU-US Privacy Shield and GDPR controls;
- Identification of gaps in the Organization’s compliance with the EU-US Privacy Shield and GDPR;
- A detailed Remediation Roadmap with recommendations to assist in closing GDPR gaps.
The GDPR itself contains 11 chapters and 91 articles. Some of the key privacy and data protection requirements of the GDPR include:
- Requiring the consent of subjects for data processing;
- Anonymizing collected data to protect privacy;
- Providing data breach notifications;
- Safely handling the transfer of data across borders;
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance.
Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data.