General Data Protection Regulation (GDPR)

Overview

The European Parliament approved the GDPR on April 14, 2016. Enforcement is scheduled to begin on May 25, 2018.

What does GDPR do?

The GDPR creates an EU-wide set of standards for the protection of digital personal data relating to online or real-world behavior for EU internet users. Importantly, these standards apply to the personal data of EU internet users regardless of the location of the entity holding their data. In this sense, the standards have significant extraterritorial reach. 

The GDPR defines personal data as “information relating to an identified or identifiable natural person.” This understanding of personal data includes IP addresses, device IDs and customer reference numbers. Importantly, these protections apply to all corporate entities that process the personal data of EU citizens, even if the processing of relevant data does not take place within the EU.

Furthermore, the GDPR guarantees a number of privacy rights to EU internet users, including mandatory, prompt notification of data breaches likely to “result in a risk for the rights and freedoms of individuals,” access to one’s personal data, the ability to instruct an entity to erase one’s personal data (consistent with the “right to be forgotten”), and the ability to move one’s personal data from one processing entity to another. Together, these rights are at the heart of the regulation’s purpose—“to give citizens back control over their personal data.”

What is required of you?

Full compliance is required no later than May 25, 2018.

What happens if you don't comply with GDPR?

Organizations that breach their obligations can be fined as much as 4 percent of their annual global turnover or 20 million euros (whichever is greater). 

How can Ariento help?

Ariento can help in one of two ways:

  1. Consulting - We conduct an assessment of your GDPR compliance, giving you a neutral third-party sign-off of your compliance. In areas of non-compliance, we provide actionable recommendations for remediation that can easily be turned into a project plan. If desired, we can also help implement recommendations.
  2. Managed Services - We become your GDPR-compliant outsourced IT shop, making you compliant now and in the future as regulations change. We also conduct an annual assessment of your business according to GDPR, giving you a record of compliance year over year.