Today we’re going to talk about the European General Data Protection Regulation, or GDPR. While it does not apply until 25 May 2018, you really need to start your planning today, and the question is: are you prepared?

One of the biggest fallacies that I see is North American organizations that don’t believe they are affected. The reality is, if you do business with Europe, if you hold personal data of people in Europe, or if you have partners or affiliates in Europe, you are governed by GDPR and are on the hook for its responsibilities.

The scope of GDPR is broad, and it imposes many controls, such as privacy by design, consent and control mechanisms, the right to erasure (the ability to have your data removed), the appointment of a data protection officer, and, most importantly, stringent data breach notification rules (the supervisory authority must be notified within 72 hours of becoming aware of a breach). Violations can lead to highly punitive sanctions: fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher.

And while the GDPR does recognize some other countries’ privacy laws as adequate, such as Canada’s, it does not recognize those of the United States. This means that, as a US entity receiving personal data from a European affiliate, you must put an approved transfer mechanism in place, such as binding corporate rules between the US entity and its European affiliate, to meet the GDPR standard.

The GDPR’s 99 articles impose many obligations, such as breach notification rules, incident response planning, privacy by design, and designating a data protection officer. For this reason, I highly recommend that you enlist a security advisory professional to help you navigate all those complications.

Get ahead of GDPR today

If you do business with Europe, or you hold European personal data or have European affiliates, you are governed by the General Data Protection Regulation (GDPR). And while the regulation does not apply until 25 May 2018, you need to start planning now.

The GDPR is broad and has a number of controls in place, such as privacy by design, consent and control mechanisms, the right to have your data removed, the appointment of a data protection officer, and stringent data breach notification rules. Violations can mean fines in the tens of millions of euros (up to €20 million or 4% of worldwide annual turnover, whichever is higher).

To help you navigate the many obligations and simplify your approach, Industry Security Strategist Mark Sangster recommends enlisting the help of a security advisory professional.