General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) applies to any company that does business with Europe, whether they are based in the EU or not. The new regulation will give users ultimate control over their data in where it resides, the ability to export, withdraw consent, and request access to it.
The GDPR regulation will strengthen the rights that individuals have regarding their personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed. GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside of the EU. However, it is important companies are aware that ‘data processing addendums’ model clauses and Privacy Shield certifications will continue to help enforce compliance.
Carolinas IT is committed to helping our customers with their GPDR compliance journey by providing robust privacy and compliance protections built into our service packages.
Here are some important points to consider regarding GDPR regulations:
- The ‘data controller’ is responsible for implementing technical measures to ensure that data is being processed in compliance with GDPR such as obligations for transparency and purpose of the data at all times through the systems.
- Platforms are to be able to export customer data at any time during the term of the agreement with said client. Data export commitments should be honored at any point the customer wishes to have their information terminated from your organization’s systems.
GDPR authorities can fine organizations up to 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred. A majority of third party certifications, such as a SOC 2 audit report, can be used by customers to help conduct their risk assessments and help them determine if appropriate control measures are in place.
You should seek independent legal advice relating to your status and obligations per your organization’s operations under the GDPR. Only a lawyer can provide you with advice tailored to any unique situation.