Doug Martin
Online Extra, Miscellaneous
Monday, 30 April 2018
The EU is enacting a new data protection regulation, the GDPR (General Data Protection Regulation), which takes effect on May 25. If an organization does business within the EU, including processing data on behalf of even a single person based in the EU, it is potentially within the scope of the regulation.

This regulation has sweeping revised definitions of personal data that include names, pictures, email addresses, medical information, or even just the IP address of a person's computer. The penalties for noncompliance are also sweeping, including 4% of an organization's annual global revenues up to 20 million euro for a data breach, or 2% for not having accurate records.

Because of the penalties and scope of the regulation, many organizations are moving to adopt GDPR compliance globally. This is why you have seen so many privacy updates and notices from online service providers in the past couple of months, with more on the horizon.

What does this mean for ***?

1. If your organization has not reviewed the GDPR regulation, and there is a possibility that the products or services your organization offers are available and used within the EU, you should raise a risk/compliance flag immediately and have someone assess what is needed to be compliant.
2. As new vendors are contracted, or as existing vendor systems are updated, GDPR compliance should become an item of discussion for contracting, particularly if you are working with cloud providers that could be storing your data in data centers within the EU.
Doug Martin, PMP, PMI-ACP, CSM, CSP, M.P.M.