What is GDPR?
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens -- regardless of where the organization is headquartered.
GDPR Overview
The GDPR is designed to improve personal data protections and increase organizational accountability for data breaches. Fines for non-compliance can reach four percent of global revenues or 20 million EUR (whichever is higher). No matter where your organization is located, if it processes or controls the personal data of EU residents, you need to be aware and prepared.
Specific Requirements
The GDPR includes numerous requirements for compliance. To see them all, refer to the actual regulation.
Following are key provisions of the GDPR with which Thales can help you comply:
- Implement technical and organizational measures to ensure data security appropriate to the level of risk, including “pseudonymisation and encryption of personal data." (Article 32)
- Have in place "a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing." (Article 32)
- Communicate “without undue delay” personal data breaches to the subjects of such breaches "when the breach is likely to result in a high risk to the rights and freedoms" of these individuals. (Article 34)
- Safeguard against the "unauthorized disclosure of, or access to, personal data." (Article 32)