WHAT IS GDPR?
The General Data Protection Regulation (effective May 2018) is a law designed to strengthen the data protection rights of individuals within the European Union (EU). GDPR applies not only to businesses located in the EU, but also to businesses that offer goods and services to individuals located in the EU. The expansive purview of the law means that even businesses with no operations in the EU may still need to operate within GDPR guidelines, which detail – among other things – the right of data portability, the right to restrict data processing, and the right to be informed of the right to object to data processing.
GDPR enforcement is strict and is monitored by the EU Member States’ Data Protection Authorities (DPAs). In the event of a confirmed GDPR violation, a DPA’s actions may range from reprimands to fines, with the most severe violations facing administrative fines that could reach into the millions of euros.
DOES GDPR ACTUALLY IMPACT MY ORGANIZATION?
GDPR is far-reaching, covering “controllers,” “processors,” and “sub-processors” of personal data. The categories of data covered are extensive, too: personal data, which broadly means any piece of identifying information, such as name, address, or IP address; and sensitive personal data, which could include things like genetic data, religious and political views, sexual orientation and more.
Essentially, if your organization comes into contact with any data about an individual residing in the EU – either directly or indirectly – you are impacted by GDPR.
WHAT IS COMPLIANCE WITH GDPR?
GDPR requirements are robust, and the nearly 100-page document contains significant complexities about the rights of individuals and obligations of data controllers and processors. At GDPR’s core are mandates around data security, data processing, and the ability to prove – at any time – that the appropriate data protection measures are in place.
For most organizations, this means knowing and documenting where your data lives; understanding how the data is encrypted, accessed, and managed; accessing the data on-demand in response to a variety of needs, including data subject requests; and having documentation in place that details all aspects of your data governance policies.
HOW CAN EXPEDIENT HELP?
Expedient is prepared to support GDPR accountability and compliance needs through a variety of solutions and measures.
Our suite of security solutions provides an extensive set of tools that enable organizations to share risk, secure sensitive data, and streamline audit efforts in support of many compliance regulations, including GDPR.
Managed services like Data Encryption at Rest and Unified Log Management serve to encrypt, index, and store the ever-increasing volumes of data collected by most organizations; solutions like Unified Threat Management and Advanced Threat Prevention provide next-level threat monitoring, detection, prevention, and comprehensive logging and reporting for audit needs.
Our Backup and Disaster Recovery as a Service solutions help to protect organizations in the event of a breach, attack, or disaster by enabling rapid recovery and restoration of data – helping to meet GDPR requirements around restoration and access to personal data in the event of an incident.
Operationally, the company attests to the EU-U.S. Privacy Shield, a legal mechanism used to transfer data between EU Member States and the United States. Our customers can also benefit from a Data Protection Agreement addendum with Expedient, which provides the legal framework for demonstrating our compliance as a sub-processor of data.
While GDPR compliance goes beyond the implementation of any one tool or solution, Expedient’s breadth of security and compliance offerings can meet the needs of GDPR’s extensive coverage and aid in the management, access, and security of your organization’s data.