The General Data Protection Regulation (GDPR) - Regulation EU 2016/679 - is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU)/European Economic Area (EEA). It is a sweeping privacy law applying to all organizations processing personal data of EU citizens.
Whether an organization resides in the EU or merely transmits EU citizen data, global companies are affected by and are working to comply with the regulation. Adding to the complication, GDPR impacts departments across the enterprise - legal, IT and security - leading to the need to work across functions within the organization.
With the compliance deadline of May 25, 2018, quickly approaching, we are providing six (6) key components to achieving GDPR readiness.
- Data Protection - Plan, build, and run an appropriate security program to protect sensitive information.
- Data Governance - Understand your GDPR obligations as they relate to your business and activate your program to meet the obligations not already present in your organization.
- Data Classification - Analyze what data within your environment is relevant to GDPR and develop a proper classification scheme for ongoing data management.
- Data Discovery - Discover where sensitive data lives within your environment and set up structures for the ongoing management of such data.
- Data Access - Determine who has access to the data and set up rules for ongoing access management.
- Data Handling - Prepare for the chance of an incident and ensure that plans are in place to meet GDPR obligations regarding the handling of sensitive information.
Preparation and a full understanding of your security and privacy programs will help your organization avoid strict GDPR fines and penalties. You can also rest assured that, as with Privacy Shield and other such regulations before, NEI is taking steps toward compliance with all applicable laws.