The General Data Protection Regulation (GDPR) is the most comprehensive personal data privacy regulation ever issued, and its implementation deadline in May 2018 is approaching quickly. With the potential fines accompanying noncompliance, GDPR has shifted the business world’s attention to privacy. However, since this regulation was issued by the European Union, there is a lot of uncertainty around how GDPR impacts US-based businesses. The bottom line: if your business sells to or holds EU residents’ personal information, GDPR affects you.
GDPR is challenging to address because it first requires an understanding of the data your organization holds. At its core, GDPR is a legal compliance issue, so your organization’s compliance function can manage much of the effort. However, before it can do anything, it must clearly understand what types of personal information your organization collects and maintains.
However, this gap is an opportunity. Effective privacy, information security, and business continuity all require a deep understanding of the data your organization has and how it’s used. The opportunity is to establish a unified process to collect that information across the organization once, and then leverage it for all three purposes.
Avalution has been engaging international organizations to collect business and data requirements for over 12 years. Our approach is effective, efficient, and provides clarity on how you can get prepared for the GDPR. If you want to learn more about how Avalution can bring clarity to your GDPR compliance effort and move your business continuity and information security programs forward at the same time, please contact us today.
On-Demand Webinar: General Data Protection Regulation (GDPR) for US Businesses