GDPR Compliance Services - Solutions and Assessment
In April of 2016, the General Data Protection Regulation (GDPR) was voted into law by the European Union. GDPR’s impact has been seismic as global businesses scramble to create compliance strategies to meet the May 25, 2018, enforcement deadline.
GDPR represents monumental challenges to global business operations because, unlike its predecessor Directive 95/46/EC, GDPR is a regulation (not a directive) and comes with steep penalties for non-compliance of up to 4 percent of annual revenue or €20 million, whichever is greater. But the greatest challenge is posed by GDPR’s sweeping reach. The regulation applies to virtually every business in and outside the E.U. that processes personal data to sell goods and services to citizens of E.U. member states. To dispel any confusion: entities that are currently Privacy Shield certified must also comply with GDPR.
At Aprio, we view GDPR as an opportunity for organizations to greatly improve their risk management operations. The key challenge that most organizations will face is prioritizing their compliance initiatives within a tight timeline. Our team of Certified GDPR Practitioners has deep security and privacy experience in fintech and digital marketing and provides step-by-step guidance through the compliance readiness process.
Protecting the rights of data subjects
GDPR’s six guiding principles were intended to strengthen data protection practices, align regulators under one authority and provide greater citizen control over personal data. The regulation’s focus on data subject rights and consent will pose sizeable obstacles for digital marketing organizations. Those who currently capture data through Google IDs and are unclear as to its source will face additional challenges.
GDPR’s Six Guiding Principles
At Aprio, we believe that information risk management is a team sport. So, we partner with your internal resources to provide step-by-step guidance through our GDPR compliance process.
- Business understanding
  - GDPR applicability
  - Automated system mapping and data flow diagrams
  - Role establishment: Are you a Processor or a Controller?
  - Data Protection Impact Assessment
- Gap assessment against GDPR requirements
  - Conduct due diligence on the current state of the company with respect to GDPR requirements
  - Prepare a GDPR applicability matrix
  - Study, analyze and assess the PII lifecycle through web content, business processes, technical infrastructure and people
  - Discuss feasibility options and guidance for effective remediation with management
  - Provide a Gap Assessment report with a management summary and recommendations
  - Provide guidance on a “Privacy by Design Program”
- Remediation recommendations for compliance
  - Remediation of identified gaps is executed by the client organization
  - The Aprio team of experts provides the required guidance
- Review of GDPR remediation
  - Collection and review of supporting evidence to establish demonstrable compliance
GDPR compliance with fewer hassles
GDPR’s focus on protecting personal information and the rights of data subjects represents a bold leap forward in data security and privacy. At Aprio, we are committed to working with clients to make effective, sustainable risk management easier to achieve. Let us apply our proven process and compliance roadmap to help your organization become GDPR compliant.