By John L. Guerra
Editor, GRC & Fraud Software Journal
GDPR is the standard through which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data privacy protection for all individuals within the European Union (EU). It also addresses protecting exported personal data outside the EU.
Maxine Henry, GDPR expert at Reciprocity, says non-EU companies that share data with third parties in the EU must meet the GDPR regulations. Protected data can include a name, a home address, a photo, an email address, bank details, postings on social networking websites, medical information, or a computer’s IP address.
“All our customers are asking about it,” Henry says. “It’s not just for companies in Europe; it has a big impact on U.S. companies doing business with any European citizen. If you are handling trans-border data, it puts you in scope for GDPR.”
Failure to comply can mean a fine equal to 4 percent of a company’s annual global revenue.
Reciprocity is helping its clients meet the May deadline.
“We are talking to companies and showing them how to build their GRC platform to meet the GDPR deadline and help them manage it,” Henry says.
According to Henry, GDPR includes, but is not limited to:
- Timely notification of data breaches
- A new set of digital rights for EU citizens
- Compliance with data requests
- Managed consent management tools
- Right of access to types of data
As a GDPR expert at Reciprocity, Henry says her job is to help companies transition to a single tool that manages, and links directly to, each of the articles of the EU data privacy standard.
“First, we go in and ask: Where are you, what is the maturity level of your business, what compliance regulations and frameworks are in place? We ask them whether they have good malware protection, good security software in place, and whether they have documented data privacy policies and procedures. If not, they should do that immediately,” Henry says.
“Once you actually understand where they are, we can make recommendations on getting to GDPR.”
According to Henry, Reciprocity’s GRC software is a cohesive system that helps companies manage data, assets, access rights, third-parties, and audit controls.
There is no need for multiple spreadsheets, SharePoint sites, or shared folders; all the information is in one spot.
“The data map, process flows, and the controls can all be linked and mapped,” Henry says.
The solution uses dashboards so staff can view which assets hold PII, track information related to third-party vendors, and manage notifications to, and responses from, the individual workers handling the data. It provides a cohesive view across compliance roles and of responses to assigned tasks, such as who completed a task.
For example, if the IT director gets a task and responds that the task has been performed, a manager with the proper permissions can track whether it is complete or not.
For more information, visit Reciprocitylabs.com