Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 10-day trial to continue exploring with full access.

Making data protection and privacy a business process

Tom Fox | June 26, 2017

In May 2018, the European Union’s General Data Protection Regulation (GDPR) will come into force, which means that U.S. companies that do work internationally need to be very aware of this date and plan accordingly.

The law is designed to protect the data of EU citizens wherever they may live and wherever the data is processed. With corporate awareness of cyber-attacks at an all-time high, U.S. companies should not only be ready for this change, but take the lead in responding, as well.

In addition to the more public rights to data portability and the right to be forgotten, the transfer of data outside the EU will be further restricted. Companies need to have policies and procedures in place to put these requirements into effect and to document how their data is collected and retained.

Most ominously, companies will now have 72 hours to report a data breach to the EU Information Commissioner’s Office. The days of Yahoo not reporting literally for years will... To get the full story, subscribe now.