General Data Protection Regulation (GDPR) is a new data privacy and security law in Europe.
When will it go into effect?
May 25, 2018.
What is the primary purpose?
To provide EU citizens with greater control over how their personal data is collected, protected and used.
To whom does this regulation apply to?
GDPR applies to how Company must handle all EU customer and employee data.
Is there a penalty for non-compliance?
Yes, the risks are significant financial penalties and legal exposure. Fines up to 4% of annual worldwide revenue or €20 million are possible.
PCI-DSS (the Payment Card Industry Data Security Standard) mandates specific security safeguards for handling credit card data.
Companies are required to adhere to PCI standards as part of our contractual agreements with banks, partners, and credit card companies. Failing to adhere to these requirements could result in significant fines and possibly termination of Companie's ability to accept credit cards for transactions.
When will it go into effect?
May 25, 2018.
What is the primary purpose?
To provide EU citizens with greater control over how their personal data is collected, protected and used.
To whom does this regulation apply to?
GDPR applies to how Company must handle all EU customer and employee data.
Is there a penalty for non-compliance?
Yes, the risks are significant financial penalties and legal exposure. Fines up to 4% of annual worldwide revenue or €20 million are possible.
PCI-DSS (the Payment Card Industry Data Security Standard) mandates specific security safeguards for handling credit card data.
Companies are required to adhere to PCI standards as part of our contractual agreements with banks, partners, and credit card companies. Failing to adhere to these requirements could result in significant fines and possibly termination of Companie's ability to accept credit cards for transactions.
Embedding Privacy and Security Impact Assessments into our various business processes to ensure that privacy and security are consulted throughout the lifecycle of data-related initiatives;
Formalizing processes around Data Subject Rights to ensure that we can respond comprehensively and within the timeframe set out in the GDPR;
Updating our Privacy Policies to ensure they are GDPR compliant;
Developing our Data Retention and Deletion Capabilities;
Updating our Vendor Contract Templates to ensure they are in accordance with GDPR requirements; and
Developing our Privacy Resources and Specialist Training Modules to ensure all teams have the information they need.
No comments:
Post a Comment