What is GDPR?
GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679).
Who does it apply to? Any organization (non-profit, for-profit, government) which controls or processes data belonging to EU residents.
When does it happen? The regulation goes into effect on 25 May 2018, 9 months away.
What is it? 11 chapters and 99 articles of laws governing how data is collected, processed, protected, distributed, requested, transferred, provided, and deleted.
Overview of regulation: You must catalog the location and flows of all regulated data, both in your organization and in vendor/partner organizations. Then you must create technical processes to handle regulated situations, such as obtaining opt-in permission before collecting data; a customer requesting a copy of all held information; a customer requesting deletion of all their information; or a regulator requesting proof that you performed these actions. Then you must test these processes and train on them to ensure they work efficiently.
Why was it enacted? As a fix. The last significant legislation on the topic was from 1995—before the introduction of the Internet and cloud computing changed the way our data is used.
What you need to do
Determine if GDPR applies to your organization.
Do you have EU resident data in your system?
- Your company sells goods or services to EU customers.
- You are an IT provider. Some customers store regulated data on your servers.
- Your marketing department has web analytics data and customer databases which include the EU.
- You run a popular website which sends out newsletters and hosts discussion forums.
Determine if you need help with this task.
- Do your current staff have the time, knowledge, technical skill, and process development background to make your organization compliant before May 2018?
Start now. May is coming up!
Consultant? Consider Kieri Solutions
Amira Armond, the president and CEO of Kieri Solutions, has the precise experience needed to prepare your organization for GDPR.
Technical: 15 years of experience with servers, networking, databases, websites, and system integration. As systems architect, holds an understanding of the entire organization’s computer systems and data flows.
Process: Certified Project Management Professional, with a Master's in Business. During her career, she has created thousands of technical procedures and led the implementation of new systems.
GDPR: Has studied the hundreds of pages of regulation and understands (as best as anyone can) the requirements and necessary actions.
Contact us for a free data flow analysis and plan: info@kieri.com 1-(301) 253-5150