Following the EU General Data Protection Regulation (GDPR) approval by the European Parliament on Thursday 14 April, IT Governance has released a new green paper, EU GDPR: A Compliance Strategy, which is designed to help organisations prepare for the new Regulation.
Tougher penalties, requirements and restrictions
The new Regulation, which is expected to come into force by June 2018, applies to businesses of all sizes, anywhere in the world, that hold data on European citizens. To avoid potential data breach penalties of up to 4% of global turnover or €20 million, whichever is higher, organisations have a two-year transition period to adapt their data protection management practices to comply with the new law.
During this transition period, organisations are urged to review their operational and technical measures to meet the new regulatory requirements. Implementing appropriate data policies and data protection impact assessments, and updating controller/processor contracts, are only a few of the extensive requirements that the new Regulation introduces.
Green paper overview
EU GDPR: A Compliance Strategy provides information on key provisions of the Regulation, and guidance on how to implement a compliance strategy to meet the Regulation’s requirements.
The paper also explains how to ensure you have taken appropriate technical and organisational measures to meet your compliance goals, and describes how ISO/IEC 27001 can help you achieve full and ongoing compliance with the Regulation.