Navigate GDPR Compliance with Cytrio

Proactive data privacy compliance

CPRA
CCPA
GDPR
UCPA
CDPA
CTDPA
CPA
PIPEDA
LGPD

What is GDPR?

CYTRIO - EU GDPR

Consistent with the importance of human rights in the European Union, the GDPR was created to bolster those rights in a digital era. Passed in 2016 and effective on May 25, 2018, the GDPR is recognized as the strongest, most comprehensive data privacy regulation in the world. The GDPR protects individuals’ personally identifiable information (PII) from unlawful processing or destruction. Organizations must collect data only to fulfill a legitimate business purpose and must have a legal basis, such as consent, for data processing. Specific principles and data subject rights must be followed to achieve compliance and avoid severe fines and penalties.

The 7 Rights of GDPR:

The right to be informed that you’ve collected and used personal data

The right to access personal data and how it’s processed

The right to rectify inaccurate or incomplete personal data

The right to erase data

The right to restrict the processing of personal data

The right to data portability

The right to object

Best Practices: How to Comply

Compliance starts with a strategic plan and checklist. Below are a few tips to get going:

Update Privacy Policy to acknowledge that you are aware of GDPR

Review legal basis for processing personal data

Document all data that is collected and processed

Data Mapping for personal information fields to each internal database

Appoint a person, team, or Data Protection Officer who can own data privacy

Reporting Metrics for auditing. Show auditors your data landscape, proof of purpose, and all data subject access requests completed to date

Meet proper deadlines (30 days to respond to requests)

Frequently Asked Questions

Put into effect on May 25th, 2018, the GDPR is a data privacy and security regulation for citizens in the European Union (EU). Any company, no matter where domiciled, needs to adhere to GDPR if it collects, uses, shares or stores personal information related to EU citizens.

The GDPR is important because it was the first major privacy and security law enacted that gives consumers and citizens of the EU specific controls over how their personal information is collected, used, shared, and stored by companies. With active enforcement, heavy fines and consequences for non-compliance, companies are required to comply with the requirements of the GDPR.

GDPR impacts any company that collects, uses, shares, or stores personal information from EU citizens, no matter where the company is located geographically.

GDPR provides EU citizens certain rights over the personal information that a company collects or uses. These rights include Right to Access, Right to Erasure (Delete), and others. CYTRIO provides a fast and simple way for the consumer to submit a data subject access request (DSAR). CYTRIO’s out-of-the-box workflows and automated data discovery help companies reduce the time to respond to a DSAR to minutes while saving 80% in cost. CYTRIO also provides Article 30 reports to meet audit requirements.

Data Protection Authorities (DPAs). DPAs are independent from the government but work together as a group on the European Data Protection Board.
Any individual who has their permanent address in any European country within the European Union.
An individual whose data is collected and processed. Must reside in the European Union.
An organization that collects data from one or more sources, provides some value-added processing, and repackages the result in a usable form.
The process of matching fields from one data source to another.
A person who determines the purposes and means of the processing of personal data.
A third-party who processes personal data on behalf of the controller.

Streamline Compliance Efforts Cost Effectively

Cytrio’s all-in-one solution brings 3 essential data privacy capabilities together in one place, offering a comprehensive approach to data privacy.