GDPR Compliance | NAVEX Global

What is GDPR Compliance?

The European Union’s Global Data Protection Regulation (GDPR) went into enforcement in May of 2018. New GDPR requirements have created major concerns not just for data privacy officers, but also for all professionals operating in the GRC space. The 2018 EU regulation has effectively replaced the 1995 Data Protection Directive and includes a number of key changes that respond to modern data-driven environments.

The most notable change is GDPR fines associated with non-compliance. Failure to comply with GDPR requirements can result in fines of up to 4 percent of an organisation’s global annual revenue, or up to €20 million, whichever is greater. Under the new territorial scope of the GDPR regulation, the law now applies to many organisations that sell goods or services within the EU, regardless of where their businesses are located. Organisations that fall under the GDPR must embed privacy-by-design concepts across the enterprise, including the entire life cycle of their products, through vendor management, and through every area of their human resources. In addition to a number of other requirements under the new GDPR definition, timely notifications of personal data breaches, specifically within 72 hours, is now required.

Learn How NAVEX Global Protects Your Data

What you need

Privacy by Design

Data protection and privacy-by-default concepts must be part of the launch of all data processing technologies and processes.

Policy & Procedure Updates

New GDPR requirements need to be operationalised throughout the organisation with extensive and thorough policy and procedure updates and dissemination.

Timely Breach Notification

Effective and accessible reporting mechanisms should be in place so data breaches, big or small, can be reported and escalated immediately.

GDPR Compliance Training

Employee risks should be identified and training should be assigned to educate at-risk employees on their new responsibilities under the Global Data Protection Regulation.

Steps You Can Take to Avoid GDPR Fines

Step 1: Make sure internal policy and procedure management capabilities allow you to align the entirety of your workplace with the broadened scope of new GDPR requirements.

Step 2: Implement multiple whistleblower incident management reporting methods including a compliance hotline as well as deploy a comprehensive communications effort to inform employees of their role in identifying and reporting data breaches.

Step 3: Create and roll out a multiyear training programme that trains each employee group on the GDPR topics applicable to their roles and the data they manage.

Step 4: Extend your privacy-by-design standards through your supply chain, garner attestation to policies and identify reporting channels to all vendors and contractors with effective third-party management and due diligence.