When the General Data Protection Regulation (GDPR) takes effect on May 25, 2018, the effects will reverberate far beyond the continent itself. The GDPR goes further than harmonizing national data-protection laws across the European Union and simplifying compliance; it also expands the reach of EU data-protection regulation and introduces important new requirements. It seeks to ensure that personal data are protected against misuse and theft and to give European Union residents control over how data relating to them are being used. Any entity that is established in the European Union or that processes the personal data of EU residents to offer them goods or services or to monitor their behavior—whether as customers, employees, or business partners—will be affected. Any failure to comply with the regulation could incur severe reputational damage as well as financial penalties of up to 4 percent of annual worldwide revenues.
As with any other gap analysis, the first step is to understand the scope of the engagement, then determine which regulations, standards and/or sets of requirements apply, and then effectively determine where you stand against those requirements. Elevate has the subject matter expertise to navigate with you through your specific needs.
We work with you to provide the experience needed to design and implement privacy program functions, including:
Understanding how you collect, process, transmit and store data, as well as how you use it and who uses it in your organization, is the foundation of your Data Privacy Program and the key to complying with most privacy regulations. However, we find that in many cases the exact data flow of the sensitive data is unclear and not well documented, enabling exposure and increasing the risk of data loss.
What we do:
This is done with both manual and automated techniques to gather and document the entire picture.