No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

What the GDPR Means for Your Organization

by Steve Durbin
July 27, 2017
in Data Privacy, Featured
circle of years in blue with 2018 in red

A Primer on the New Global Privacy Law

For most organizations, the next year will be a critical time for their data protection regimes as they determine the applicability of the GDPR and the controls and capabilities they will need to manage their compliance and risk obligations. The GDPR has the potential to serve as a healthy, scalable, exportable regime that could become an international benchmark, but because of the effort required to report data breaches, it is absolutely essential that organizations prepare in advance.

The General Data Protection Regulation (GDPR) officially goes into effect in May of 2018 and will have an international reach, affecting any organization that handles the personal data of European Union (EU) residents, regardless of where it is processed. The GDPR adds another layer of complexity – not to mention potential cost and associated resources – to the issue of critical information asset management that so many organizations are struggling to come to terms with.

At the Information Security Forum (ISF), we consider this to be the biggest shake-up of global privacy law in decades, as it redefines the scope of EU data protection legislation, forcing organizations worldwide to comply with its requirements. This most certainly includes U.S.-based organizations. The GDPR aims to establish the same data protection levels for all EU residents and will have a solid focus on how organizations handle personal data. Businesses face several challenges in preparing for the reform, including an absence of awareness among major inner stakeholders. The benefits of the GDPR will create several compliance requirements, from which few organizations will completely escape.

However, organizations will benefit from the uniformity introduced by the reform and will evade having to circumnavigate the current array of often-contradictory national data protection laws. There will also be worldwide benefits as countries in other regions are dedicating more attention to the defense of mission-critical assets. The GDPR has the potential to serve as a healthy, scalable and exportable regime that could become an international benchmark.

Understanding the Consequences of Noncompliance

Most countries (including all EU nations) have established supervisory authorities to oversee the use of personal data. These supervisory authorities are government-appointed bodies that have powers to inspect, enforce and penalize the processing of personal data. In the U.S., a number of authorities enforce data protection requirements under the sectoral approach, most notably the Federal Trade Commission (FTC), which has substantial regulatory powers.

Supervisory authorities are granted investigatory powers by the GDPR, allowing them to investigate any complaint they receive through a variety of measures, such as audits and reviews of certifications and codes of conduct. Complaints may be received not only from the data subjects themselves, but also from any organization or association that chooses to complain or has been chosen by a data subject to represent their interests. These complaints can be submitted to any supervisory authority, not just the supervisory authority with territorial responsibility.

If an organization is found to be infringing on the requirements of the GDPR, supervisory authorities have a variety of corrective powers from which to choose. These include the ability to issue warnings and reprimands to controllers or processors, but also far more substantial powers, which can compel an organization to process data in certain manners or cease processing altogether, as well as force an organization to communicate data breaches to the affected data subjects.

The Time to Prepare is Now…

No organization that operates on a global footprint of suppliers can afford not to prepare for changes that will result from new GDPR compliance rules. Falling out of compliance with data regulation can really hit you in the pocketbook. The checklist of rules requires extreme preparation and responsibility, all of which must shouldered by the organizations who cannot look solely to government or regulators for help.

The GDPR is putting data protection practices at the forefront of business agendas worldwide. For most organizations, the next year will be a critical time for their data protection regimes as they determine the applicability of the GDPR and the controls and capabilities they will need to manage their compliance and risk obligations. Because of the effort required to report data breaches, it is essential that organizations prepare in advance.

Executive management will be responsible for ensuring an organization meets its legal obligations to implement the GDPR’s requirements. A Data Protection Officer (DPO) should be designated to act as a focal point for ongoing data protection activities. An organization’s governance functions, including information security, legal, records management and audit should ensure they are familiar with the requirements of the GDPR and have the necessary people, processes and technical solutions in place to achieve compliance.

With reform on the horizon, organizations planning on or already doing business in Europe should get an immediate handle on what data they are collecting on European individuals, where it is coming from, what it is being used for, where and how is it being stored, who is responsible for it and who has access to it.

In theory, an organization should have completed its GDPR preparations well before May 2018 in order to gain assurance from, and provide assurance to, third parties’ requests. This will require resources with the expertise and time to issue and process those requests. Data protection, legal and information security teams should plan for this task so they are not overwhelmed with requests closer to the enforcement deadline.


Tags: GDPR
Previous Post

TRACE: Understanding Sanctions

Next Post

DPAs and NPAs Are on the Rise

Steve Durbin

Steve Durbin

Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments. Previously, he was Senior Vice President at Gartner.

Related Posts

eu flag

Preparing Your Company for the Latest GDPR Data Transfer Developments & Upcoming Deadlines

by Kevin L. Coy
November 30, 2022

An EU court decision and legislative moves in the U.S. and UK make compliance with privacy regulations increasingly difficult. Arnall...

minidata_b

Honey, I Shrunk the Data: How to Keep Customer Info on a Need-to-Know Basis

by Parker Poe
November 30, 2022

It may be tempting to hoard the data you have gathered on your customers, but an increasing number of regulations...

uk ico data access

UK’s Data Protection Regulator Signals Crackdown on Access Request Violations

by Jonathan Armstrong and André Bywater
October 5, 2022

Data privacy laws in the EU and UK established the right of individuals to find out what personal information organizations...

cpo and ciso

Allies in Privacy, Security & Compliance: Why Closer Collaboration Between CPOs and CISOs Benefits Everyone

by Maria D'Avanzo
September 28, 2022

As a former chief privacy officer (CPO) of a publicly traded commercial real estate services firm, Maria D’Avanzo worked in...

Next Post
multiple lines on graph showing upward trends

DPAs and NPAs Are on the Rise

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT