The General Data Protection Regulation goes into effect on May 25, 2018. To help you understand the many facets of this massive legislation and its potential impact, you may find it helpful to split this regulation into “The 4 Cornerstones of GDPR” as shown below. Carving the regulation into 4 logical components, or quadrants, may help you ask yourselves the right leading questions to better understand your functional requirements.
The General Data Protection Regulation, or GDPR, is a less ‘prescriptive’ regulation than we in the United States are typically used to, which is contributing to some of the confusion around achieving compliance with the new regulation. Many US-born compliance regimes and regulations provide great detail and context around the types of scans, minimum requirements, and data artifacts necessary for successful audit outcomes. By contrast, GDPR has largely given us the ‘end state’ of what your organization must be able to do. How you achieve that ‘end state’ is up to each individual organization, given its own process workflows and other business drivers.
As with almost anything, some prefer this approach and some do not, but regardless of preference, this new regulation protecting the privacy rights of EU citizens goes into effect on May 25th, 2018. If you are an organization that is bound by this new regulation, it is important to take active measures towards meeting the four cornerstones of GDPR, as described above.