What is GDPR Compliance?
The European Union’s Global Data Protection Regulation (GDPR) went into enforcement in May of 2018. New GDPR requirements have created major concerns not just for data privacy officers, but also for all professionals operating in the GRC space. The 2018 EU regulation has effectively replaced the 1995 Data Protection Directive and includes a number of key changes that respond to modern data-driven environments.
The most notable change is GDPR fines associated with noncompliance. Failure to comply with GDPR requirements can result in fines of up to 4 percent of an organization’s global annual revenue, or up to €20 million, whichever is greater. Under the new territorial scope of the GDPR regulation, the law now applies to many organizations that sell goods or services within the EU, regardless of where their businesses are located. Organizations that fall under the GDPR must embed privacy-by-design concepts across the enterprise, including the entire life cycle of their products, through vendor management, and through every area of their human resources. In addition to a number of other requirements under the new GDPR definition, timely notifications of personal data breaches, specifically within 72 hours, is now required.
Learn How NAVEX Global Protects Your Data