What is the GDPR?

The General Data Protection Regulation (GDPR) is a regulation drafted by the Council of the European Union with the goal of strengthening and unifying data protection across the EU. Its aim is to protect all EU residents from privacy violations and data breaches, as the number of data breaches and exposed individual records has been growing exponentially since 2005.

GDPR regulates the processing of personal data of individuals residing in the European Union, and it applies to both public and private organizations, regardless of whether the processing takes place inside the EU or not. GDPR protects any information that can be linked to an identifiable individual, such as search-engine queries, employee authentication records, payment transactions, closed-circuit-television footage, and visitor logs.

The information can be in any format (structured or unstructured) and held or transferred in any medium, including online, offline, or backup storage.

The GDPR contains 99 articles and is comprised of four components:

  • A set of data protection principles outlining the main responsibilities for organizations under the new policy.
  • A list of rights for EU citizens that organizations hosting their personal data must adhere to.
  • Provisions that promote accountability and governance. This means that organizations are expected to implement comprehensive governance measures to ensure transparency.
  • The obligation to disclose breaches to the relevant supervisory authority within 72 hours, and in some cases to the individuals affected.

The key rights and obligations established by the GDPR are:

  • Right to access: data subjects have the right to obtain confirmation as to whether or not their personal data is being collected, where, and for what purposes.
  • Right to be forgotten: data subjects have the right to request that their personal data be erased, that further dissemination cease, and that processing by third parties stop.
  • Data portability: data subjects have the right to transmit their personal data to another organization; no institution or organization has ownership of the data.
  • Breach notification: all organizations are required to notify customers and controllers about a data breach within 72 hours of first becoming aware of it.
  • Privacy by design: organizations are legally required to build data protection into the design of their systems.
  • Data protection officer: DPOs are appointed to monitor compliance, inform and advise on obligations, and serve as a direct link between data subjects and the supervisory authorities in each member state.

Scope and penalties:

  • The regulation applies to all organizations processing the personal data of data subjects residing in the EU.
  • The location of your organization does not matter.
  • If your organization breaches the GDPR, it can be fined up to 4% of annual global turnover or €20 million (whichever is greater).

Aggressive enforcement in 2019

Many considered 2018 the grace period for enforcing the GDPR. The regulators clarified parts of the GDPR that were not clear enough at the outset, and as a result multiple adjustments were made to the guidance. 2019 will therefore be the year of enforcement, in which organizations will either comply with the law or face high fines imposed by the European Commission. The European Data Protection Supervisor Giovanni Buttarelli stated in a 2018 Reuters interview: “I expect first GDPR fines for some cases by the end of the year 2018. Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban or to give them an ultimatum”.

  • 95,180 individuals submitted complaints to Data Protection Authorities.
  • 30,000 of those complaints were submitted between December 2018 and January 2019 alone.
  • 41,502 data breach notifications were filed by organizations.
  • The major fines under the GDPR so far include €50 million imposed by the French CNIL (the French data protection regulator) on Google for violations of the GDPR’s transparency and consent requirements.

Do you know your compliance status with the GDPR? WCG can help you by providing:

  • GDPR Compliance Assessment: WCG conducts compliance tests to identify the potential gaps and vulnerabilities within your current personal data infrastructure, and we provide recommendations for improvement to ensure you are in alignment with the GDPR. This service will position your organization to better protect data and to have effective operational procedures for handling data safely. This compliance assessment also includes:
    • Data Privacy Assessment: WCG analyzes your organization’s data privacy management program, conducts a privacy impact assessment (PIA), and develops a strategy for implementing privacy controls that comply with GDPR requirements. After working with us, your organization will be in a better position to secure and manage personal data against potential risks.

Depending on where you are in your GDPR compliance journey, you may need assistance with one or more of the following services:

Get in touch with our GDPR experts

Contact us today. Our experts are here to help you avoid fines and ensure compliance.

GDPR Assessment Services

How WCG will help you

We will help you develop policies that enable your organization to better manage the rights of data subjects, the legal basis for all data you hold, and the agreements between you and third-party vendors, suppliers, and partners.

Our goal is to ensure that our clients are compliant, secure, and protected so that their customers will also feel assured. WCG is committed to assisting organizations as they work to meet the requirements of the GDPR ahead of May 2018 and beyond.

Get Started Now
