{"id":2469,"date":"2018-05-08T10:52:31","date_gmt":"2018-05-08T16:52:31","guid":{"rendered":"https:\/\/www.kraftgrp.com\/is-your-technology-company-talking-to-you-about-gdpr-compliance\/"},"modified":"2018-05-08T10:52:31","modified_gmt":"2018-05-08T16:52:31","slug":"is-your-technology-company-talking-to-you-about-gdpr-compliance","status":"publish","type":"post","link":"https:\/\/www.kraftgrp.com\/is-your-technology-company-talking-to-you-about-gdpr-compliance\/","title":{"rendered":"Is Your Technology Company Talking to You About GDPR Compliance?"},"content":{"rendered":"

The European Union’s General Data Protection Regulation goes into effect on May 25, 2018. Many U.S. and Canadian businesses have been working hard to meet the new GDPR guidelines, but it’s not clear whether others have the technology in place to notify individuals that their data was breached within the required 72-hour period. This is one of the primary components of the 2018 GDPR. No matter how you look at it, three days can go by very quickly when it comes to sending out data-breach notifications, especially if you haven’t planned in advance.


Many U.S. and Canadian businesses, even large enterprises, don’t always plan ahead and, instead, operate in a reactionary mode. Security professionals in the U.S. and Canada are worried about the mandatory 72-hour GDPR breach-notification period because they don’t think most businesses are prepared. The U.S. doesn’t have a national data-breach notification requirement. However, most states do require notification within 30 to 45 days. If businesses don’t comply, they will be fined 4% of their global revenue up to $20 million. Plus, the consumers whose data is breached can file class-action suits against them for noncompliance.

Experts know that the GDPR is something to take very seriously.

They believe that the regulators in the European Union will impose the largest fines they can and that they’ll make an example of organizations that lack compliance, and will do so within the first 90 days of the breach. This is much like what the U.S. Health and Human Services/Office of Civil Rights does with its “Wall of Shame” for HIPAA breaches of personally identifiable information (PII).

The GDPR requirements apply to any organization that does business in Europe and collects personally identifiable information on European citizens. It doesn’t only apply to large multi-national corporations; it applies to any business that has 250 or more employees. Smaller companies are typically exempt, except in the case where a data breach results in a risk to the rights and freedom of individuals, isn’t an occasional occurrence, or where the processing of data includes special categories like those relating to criminal offenses or convictions.

The 2018 GDPR replaces the old Data Protection Directive of 1995. The most recent GDPR breach notification requirement was enacted in April 2016. It set a higher compliance standard for data inventory, a defined risk-management process, and mandatory notification to data protection authorities.

Breach notification is a huge endeavor and requires involvement from everyone inside an organization. In-house tech support and outsourced Technology Service Providers should have acquired a good understanding of the consequences a data breach causes and the data breach notification requirements for their organization. They must be prepared in advance to respond to security incidents.

Is your technology ready for the GDPR?

Smart CIOs and CEOs in the U.S. and Canada have been preparing for the GDPR for the last year. Many larger enterprises, especially those that regularly do business in the European Union, have seen this on the horizon for a while and have taken advantage of the two-year implementation period to seriously prepare for the GDPR. These organizations are ready and won’t need to worry that they can’t meet the 72-hour notification deadline. Many U.S. financial organizations and banks are already prepared, as they are accustomed to notifying regulators and customers and have the IT infrastructure in place to respond quickly. Plus, banks in the U.S. have been functioning under more stringent regulations since the 2007-2008 financial crisis, so they’re already well prepared.

The following are steps your organization should take to prepare your technology for the GDPR.