Category: GDPR

How to Comply with GDPR

Published 05/08/2020

When it comes to organizations incorporated and operating out of the United States, General Data Protection Regulation (GDPR) compliance can be confusing. Many people struggle to understand what exactly the GDPR is and whether it applies to all organizations. On May 25, 2018, the European Union (EU), via the European Parliament, signed into law the GDPR to enhance Directive 95/46/EC. GDPR mandates the protection of personal information data and privacy for citizens in the European Union and the European Economic Area (EEA). Does this mean that a company outside the EU/EEA shouldn’t have to worry about GDPR or that it doesn’t apply? Not quite. Should your organization do business with citizens of the EU/EEA, you need to comply with…


Key Takeaways from the CCPA Audit Webinar with Dr. Maxine Henry

Published 12/06/2019

Dr. Maxine Henry, one of Reciprocity’s renowned GRC experts, led a webinar on the California Consumer Protection Act (CCPA). This sweeping legislation creates data privacy rights for covered consumers—which means it also imposes obligations on businesses to safeguard personal information. Before implementation on January 1, 2020, Dr. Henry discusses how to prepare. Who Will CCPA Impact? CCPA protects California residents, recognizing all natural persons in the state as consumers. Even companies not headquartered in California, perhaps without physical presence in California, will be subject to CCPA, because California residents are among their customers. CCPA imposes obligations on for-profit enterprises meeting any of these criteria: Annual gross revenues over $25 million; Handles, buys, shares, or sells personal…


The most important part of GDPR compliance

Published 06/14/2018

With the May 25th deadline for GDPR compliance now long gone, is your organization currently in compliance? If your answer is “no,” take heart: You are not alone. Most CIOs report that, when this sweeping new privacy-and-security law takes effect, their enterprise will not meet its mandates. Many say they are confused about exactly what they must do to avoid the heavy penalties—and loss of reputation—they may face as a result. Granted, a regulation with 99 directives can be intimidating. But non-compliance with the GDPR is not an option, not for those wanting to do business with people and companies in the EU. The penalty, if you do not comply, may be steep: up to 4 percent of annual global…


5 Steps to GDPR Compliance

Published 06/05/2018

Now that the May 25th compliance date for the European Union’s (EU) General Data Protection Regulation (GDPR) has come and gone, the GDPR is now a reality that is expected to significantly change the way organizations process personal data and respond to data breaches. The regulation, adopted in 2016, will apply to organizations both in and outside of the EU and require them to institute new or enhanced data protection practices. The first thing you should do is determine whether the GDPR applies to your organization. Article 3 of the GDPR provides an overview of the regulation, which applies to any organization that processes, holds or somehow controls or monitors the personal data of individuals in the EU,…


The real reason you should fear the GDPR deadline

Published 05/28/2018

Now that May 25 has passed, it’s time to push the panic button if you don’t comply with the European Union’s Global Data Protection Regulation (GDPR). Right? Judging from the alarm bells sounding across the blogosphere, that’s what many would have you believe. If you haven’t reached GDPR compliance by the deadline, they say, you should be afraid. I agree—but not for the reasons you might think. How did we get here? Organizations have had two years to comply with this sweeping regulation, and perhaps should have seen it coming long before. The GDPR was in the works, and in the news, for four years before being adopted in April 2016. But maybe some CIOs weren’t paying close attention. The…


Here’s what GDPR means for your business

Published 03/19/2018

The term “business as usual” takes on a whole new meaning May 25, when the European Union’s General Data Protection Regulation (GDPR) goes into effect. This complex, game-changing law will mandate new ways of doing business in virtually every area of operations, from human resources to marketing, to technology and cybersecurity. In fact, according to a PwC survey, 92 percent of U.S. companies consider preparing for GDPR compliance a top priority. Is your enterprise ready? The first-ever global privacy and security law, GDPR outlines new rules, 99 of them, for protecting EU citizen data. These provisions: Broaden the scope of the term “personal data”; Grant EU citizens absolute rights over their personal data, including the “right to be forgotten”; Set stringent requirements…
