The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. By this date, organisations holding personal data for their EU customers and employees must be able to demonstrate compliance with the new regulations.
The aim of GDPR is to enable data subjects (the individuals whose data is held) to have more control over their personal data and to ensure that organisations protect the data and use it only for the purposes for which it was obtained. Failure to comply can result in fines of as much as 4 per cent of a firm’s annual turnover, as well as reputational damage and the potential loss of business.
Organisations with EU citizens as clients and employees must have the correct policies, contracts and information systems in place and be able to demonstrate GDPR compliance.
The Challenges
- Identifying the scope of GDPR within the organisation and maintaining an accurate architectural map over time as the organisation grows
- Meeting all the compliance requirements within a very tight timeframe
- Removing the risk of manual error with the use of technology
- Ensuring that breaches are discovered and reported in a timely manner
The Brickendon Solution
- Prepare the data-collection and maintenance processes for handling, managing and using sensitive data
- Assess the current architecture and document the information flows within the organisation
- Identify the business functions that are fulfilled by applications within the technology environment to quickly identify potential scope
- Perform an application diagnostic to assess an application’s GDPR compliance with respect to items such as data security and retention policies
- Periodically review the documentation and repeat the assessments to ensure the organisation’s architecture remains compliant through both organic growth and growth by acquisition
Client Benefits
- Full awareness of how compliant your organisation is and an understanding of the changes required to become compliant
- Removal of the risk of human error that arises from a large number of manual processes
- Regulatory compliance – failure to comply can result in fines of as much as 4 per cent of global turnover, or €20 million, whichever is greater, as well as significant reputational damage and the potential loss of business
- Peace of mind from thorough risk assessments of all business applications, including those that do not themselves hold personal data but sit close to applications that do
- Potential to use the resulting artefacts to quickly identify and resolve any breaches that may occur in the future
- Full documentation of all in-scope areas and applications to provide a clear demonstration of compliance to regulators