The new laws apply to all businesses that hold EU citizens' personal data, regardless of geo-location. They both add new requirements on the storage & processing of personal data and tighten up existing regulations (the Data Protection Directive, DPD).
Companies will have to appoint a Data Protection Officer (DPO) responsible for advising on and monitoring GDPR compliance.
New regulations and requirements for collecting & recording personal data and processing activities to give citizens data sovereignty.
Data authorities and, in certain cases, consumers must be notified within 72 hours of breach discovery, with detailed breach analysis.
Tiered penalties up to 4% of global annual turnover (or €20,000,000 if higher) for serious violations & up to 2% for minor infractions.
Additional powers for local authorities to investigate data controllers & processors. New European Data Protection Board.
Introducing the appropriate technical and organisational measures to keep your data safe
Both data controllers and data processors have an obligation to report a data breach
Understand your business exposure and risk of penalty
Be prepared for the new data subject right to have data deleted (Right to Erasure)
Assessing data risk starts with knowing what PII you hold, where it is and who has access to it
Minimising unneeded exposure & ensuring only those with a legitimate need can access data
"The relationship with Bytes SP is a long-term strategic one. The whole SP team are not seen as a supplier by figleaves.com, but as an extension of our team."
Figleaves.com, Head of Operations