The recent arrival of the General Data Protection Regulation (GDPR) has caused businesses to evaluate how they are protecting their clients’ data. The GDPR is, “a global data protection law passed by the European Union that shifts the ownership of customer data from the organizations that use it to the individual customer” (Manuel Grenacher, GDPR: The Checklist for Compliance, Forbes.com).

This is big news for American businesses as well, because the regulation applies to any organization that processes the personal data of individuals in the European Union, regardless of where the organization itself is located. Penalties for failing to meet GDPR compliance standards are severe: fines of up to 4% of a company’s global annual turnover or €20 million, whichever is higher.

We understand that the preparation for becoming GDPR compliant may seem daunting, so we have compiled some tips to assist with the process.

Ask First

Consent is one of several lawful bases for processing under the GDPR, but where a business relies on consent it must obtain that consent before collecting or storing the personal data. The consent request needs to be spelled out in plain language and needs to explicitly inform the individual how their personal data will be used. In the past, silence or failure to respond has been treated as a ‘pass’ for consent. This is no longer the case: consent must be an unambiguous, affirmative action (pre-ticked boxes and inactivity do not count), and companies will need to be able to demonstrate that the individual consented before their information was used.

Also, under the GDPR, individuals can withdraw their consent at any time, and withdrawing consent must be as easy as giving it. Once a business has been notified, it is responsible for acting on the withdrawal without undue delay.

Constant Monitoring

Public authorities, and organizations whose core activities involve large-scale, regular and systematic monitoring of individuals, are required to appoint a Data Protection Officer; the final regulation sets no employee-count threshold for this. Whatever its size, any business that processes personal data should have a dedicated monitoring system, and a person responsible for it, in place. This system should ensure regular and systematic monitoring of stored data, including the ability to detect and address possible breaches in a timely manner.

The GDPR requires a business to notify its supervisory authority within 72 hours of becoming aware of a personal data breach (unless the breach is unlikely to result in a risk to individuals), and to inform the affected individuals without undue delay when the breach is likely to result in a high risk to them. The 72-hour clock starts when the business becomes aware of the breach, which is why the ability to detect a breach matters as much as the process for responding to one.

Network Software Security Assessment

If your business stores personal data on-site, you will need to perform a Network Software Security Assessment. The assessment should include an audit of the organization’s internal processes, determining whether, and how, those processes could compromise the privacy of its clients.

In addition to evaluating an organization’s internal processes, the Network Software Security Assessment should provide the business with alternative processes designed to minimize or mitigate any potential privacy breaches. Note that moving personal data to a hosted or cloud provider does not remove this obligation: the business remains the controller of that data and must ensure that its providers offer sufficient guarantees of protection.

If you have any additional questions regarding GDPR compliance, or would like to schedule a Network Software Security Assessment, please contact Jakob Como, Marketing & Scheduling Coordinator, at como@plummerslade.com or 412-261-5600 x208.


Works Referenced:

Manuel Grenacher, “GDPR: The Checklist for Compliance,” Forbes, https://www.forbes.com/