Demonstrate GDPR Compliance

The General Data Protection Regulation (GDPR) governs how organizations collect, use, process and protect personal data. It came into effect on May 25th, 2018, and is enforced by the national supervisory authority of each EU member state; in the UK it is supplemented by the Data Protection Act 2018.

Article 4

Key definitions under the General Data Protection Regulation

  • A data subject is the identified or identifiable natural person to whom personal data relates
  • A data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
  • A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Article 32

Security of processing data

Article 32 sets out conditions for the security of processing data under the GDPR and is vital for customer-facing organisations, service providers and suppliers.

Controllers and processors must implement ‘appropriate technical and organisational measures to ensure a level of security appropriate to the risk’. The risk to be assessed is that of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data, so events such as a ransomware infection or a natural disaster, which threaten availability as much as confidentiality, must be accounted for. Article 32(1) names the following measures, as appropriate:

  • Pseudonymisation and encryption of personal data

  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services

  • The ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident

  • A process for regularly testing, assessing and evaluating the effectiveness of those measures

The GDPR applies to any organization that processes the personal data of individuals in the EU, whether or not the organization itself is established there. For organizations that are not compliant there is not only a higher exposure to enforcement action after a data breach, but a real risk of damaged reputation and a lack of customer confidence. Being compliant will set you apart; being non-compliant will drag you down.

Supervisory authorities can take action in several ways to reprimand organizations for non-compliance, including warnings, reprimands, orders to bring processing into compliance and temporary or permanent bans on processing, as well as administrative fines. The highest tier of fine is up to €20 million or 4% of total worldwide annual turnover, whichever is higher; infringements of the security-of-processing obligations in Article 32 fall under the lower tier of up to €10 million or 2% of worldwide annual turnover, whichever is higher.