<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=371594&amp;fmt=gif">

What is GDPR?

On May 25th, 2018, the new General Data Protection Regulation (GDPR) officially took effect. This piece of legislation is critical to various industries and businesses, but what exactly does it encompass?

GDPR’s primary goal is to protect individuals, specifically in the European Union (EU), when it comes to their personal information. It safeguards EU clients by ensuring that businesses use and store data properly.

Specifically, GDPR establishes the responsibility of data processing between two parties, “controllers” and “processors.” The “controller” is essentially the original “owner” of the data and is held accountable for defining how the data will be used. In contrast, the “processor” enforces GDPR compliance by effectively managing and storing the data.

The new GDPR replaces the Data Protection Act of 1998 by updating regulations of how personal data is handled. A major influence of GDPR is the world’s growth in the digital space, which leaves room for misuse of data and unfortunately even data breaches. With GDPR, businesses need to know where their client’s data is stored at all times, and should take into consideration all risks that may arise in every data processing activity.

new_york_usa.jpg

There is a misconception that GDPR compliance only applies to businesses in the EU, however that is not the case. According to the territorial scope, any U.S.-based company that uses the internet to market their products and services, or that maintains a web-presence, needs to be compliant.

In particular, this applies to businesses that collect “ personal data or behavioral information from someone in an EU country.” It is important to note that an individual does not have to buy a product or service to be protected by GDPR.  

No matter where your company is located, if you serve EU individuals or have the potential of gathering data from the EU, you are subject to hefty, non-compliant fines.

Who Should Be Worried about GDPR?

  • GDPR Compliance and General Data Protection Regulation Law Firms
  • GDPR Data Processor and Data Security and Privacy Banking and Financing
  • Risk Mitigation Strategies and Privacy Impact Assessment Online Retailers
  • Data Security and Privacy and GDPR Compliance Software Energy Suppliers
  • Privacy Impact Assessment  and GDPR Consultant Cloud Providers
  • GDPR Compliance Software and GDPR Consultant Medical and Healthcare
  • GDPR Consultant and GDPR Data Processor Lodging and Hospitality
outsourcing.jpg

How Does GDPR Affect Outsourcing?

Many businesses that use outsourcing are concerned that GDPR will affect third-party relationships. GDPR compliance merely means that both you and your outsourcer need transparency when it comes to data processing systems. More than likely, reliable and professional outsourcers already have required data protection systems in place. Great outsourcing companies will be willing to demonstrate they are GDPR-compliant, and how they can help you fulfill compliance.

By working with a GDPR-ready outsourcing company, data controllers will ensure that data processing activities are handled in an appropriate manner. After all, according to GDPR, data processors (which includes outsourcers) acquire legal responsibility in relation to processing personal data. This encourages outsourcers to improve the security of the personal data you put in their hands. By outsourcing, it also makes it easier and economical for you to meet your security obligation.

Again, effective outsourcers will likely already have systems in place to facilitate the recovery of specific personal data, as well as have the ability to amend, rectify, transfer, and delete personal data. Effective outsourcing partners will have control of the processing of personal data for specified purposes only.

An additional benefit of working with a good outsourcer is that they will be willing to work with you to guide, manage, and adjust your data processing systems to establish appropriate security and organizational procedures. Outsourcing providers should give you peace of mind when it comes to complying with additional obligations, and ensuring you minimize the risk related to personal data processing.

considerations.jpg

Considerations

While relationships with outsourcers remain mostly unaffected, there are some changes to outsourcing contracts that should be deliberated.

Make Sure there is a Written Agreement

There needs to be a written agreement in place with all data processors, which again includes outsourcing partners. These agreements should include the following:

  • Clear definition of what personal data will be processed by your outsourcer.
  • Identification of personal data processes that will be carried out.
  • Documentation of appropriate security and organizational measures for the various types of data that will be processed. When creating this, you should bear in mind the risk-level of potential GDPR breaches.
Check for Rights

Ensure that your written agreement includes the appropriate rights for you.

  • You should have the right to audit your data processor and any sub-processors to check for effective "technical and organizational measures."
  • Make sure that there are obligations for your data processor to comply with GDPR and to respond quickly to data subject access requests. The new GDPR requires you to respond to data subjects within 30 days instead of 45 days. Additionally, companies now have 24 hours to respond to any data breaches.
Review and Adjust

Review current contracts and adjust contract renewals as needed.

  • Identify any changes that are needed to comply with GDPR. Keep in mind the suggestions for what should be included in written agreements.
  • Check your written agreements with your outsourcers and/or data processors. Update them if they’re not already GDPR-compliant. At DDC, we have compliant updates ready to go. We can also work with you to vary existing terms.
  • Check the personal data that you process and the data that you want third parties to process for you. Record the legal basis on which you are relying for these processes. Check that you have recorded consent and that all consent is up-to-date.
  • Update the way you gather consent from individuals. Consent must be, “freely given, specific, and informed.” Under GDPR, gone are the days when you just have users click a link to your terms and conditions.
  • Ensure that all processing activities have been risk-assessed from both the controller and processor’s sides. Remember, both parties have an active role in risk management under GDPR.

What if I think I’m GDPR Compliant and I’m Not?

It may be overwhelming to think about the implications that non-compliance can lead to. GDPR fines are estimated to go up to 20 million Euros or four percent of annual global turnover (whichever is highest). That is about $2.2 million!

It’s easy to say that you know where all your data is, but do you really know where it is at all times? Say an employee downloads customer data from a work computer onto a flash drive to complete a task later at home. There’s no ill-intent, but the data may no longer be secure which effectively causes your company to fall under non-compliance. The penalties are too impactful to take the risk.

How Secure is My Data?

At DDC, we have already been working with our existing partners to ensure that our joint obligations are met, and that both parties have lawful processing and security of personal data.

  • We work with our partners to ensure procedures are put in place, so subject requests of all types are dealt with in an efficient manner.
  • We ensure the security of the data we process by further strengthening our technical and organizational measures of protection, and ensure it is kept confidential.
  • We ensure all our contracts are GDPR-compliant, and specifically designed to protect our client’s interests as well as our own. We manage risk on behalf of our clients at all points for each respective processing journey placed under our responsibility.
  • Our ethos is to always employ a consultative approach when dealing with our partners – and this value-added service is instrumental in helping us achieve not only GDPR compliance, but also an efficient, accurate, and secure processing solution.

RiskView: A GDPR-Compliant Solution

Effectively manage your GDPR risk and comply now without the stress of doing it on your own.

RiskView gathers data from individual computers, analyzes its risk profile, and grades it according to the amount of non-compliant data held. RiskView’s assessments provide an audit trail that demonstrates care and progress in regulatory areas. This allows your business to report risk with confidence and provide evidence to satisfy GDPR review.

Locate unprotected Personal Identifiable Data (PID) and GDPR Compliance Locate unprotected Personal Identifiable Data (PID).
GDPR Compliance and Risk Mitigation Strategies Focus your resources only on what is needed to become compliant.
Risk Mitigation Strategies and Privacy Impact Assessment Identify security threats in everyday system usage.
Privacy Impact Assessment  and GDPR Compliance Software A key component in achieving and maintaining GDPR Compliance.
GDPR Compliance Software and Data Security and Privacy Improve user accountability and compliance with internal rules.
Data Security and Privacy and GDPR Compliance Software Rich visual set of analysis tools helping you to effectively manage your GDPR risk.
GDPR Compliance Software and General Data Protection Regulation A detailed view of your company’s data storage
General Data Protection Regulation and Risk Mitigation Strategies Identify sources of critical data leakage.

At DDC OS USA, we take data security seriously. We work hard to provide you the confidence you need to know your data is protected, while providing high-quality work as well as time- and cost-savings. We’re ready to partner with you for all your data processing needs.

Solutions-_BG.jpg

For more information on how GDPR regulations will affect your business, contact DDC OS USA today.

Talk to An Expert Today!