In May 2018, the General Data Protection Regulation (GDPR) came into force in the EU. Many new and stringent requirements related to personally identifiable information (PII), need to be addressed.
All organizations with more than 250 employees and doing business with EU citizens must comply. Which means that if you have a website and a EU citizen visits and registers their information, you are responsible for their data.
The challenge for most organizations, is that documents containing PII are everywhere. On their servers, workstations, remote workers’ laptops, traditional ERP systems, in email servers, file shares, ECM platforms, cloud repositories, etc.
GDPR provides for the protection, processing, and movement of personal data. It covers information used to identify or profile a person to evaluate, analyze or predict behavior.
The law applies to recipients who give information freely when their personal data is processed. GDPR applies when specific, informed, and explicit consent by statement or action to signify agreement to process personal data.
Penalties are significant. Why run the risk of noncompliance?
Administrative fines can reach an amount of a maximum of EUR 20 million, or, if this is a higher amount, 4% of the total worldwide annual turnover of an organization.
Contact me! #JOEALONSO I will set you on the path to compliance bliss.
Your organization will be on the way to proper compliance and your CIO, IT Director will get a better sleep at night. Not to mention the CFO.