Cyber attacks are on the rise, so organizations need concrete and effective cybersecurity, data protection and user/end-client privacy controls and processes.
The General Data Protection Regulation (GDPR) is a European Union law that took effect in 2018. It requires organizations to safeguard personal data (protecting it, encrypting it, or in some cases not storing it at all) and to uphold the privacy rights of anyone in EU territory.
We want to remind you that this checklist is not in any way legal advice, nor does it constitute any form of GDPR approval or certification. There are various provisions in the GDPR that apply only in rare instances, which aren’t covered here. You should consult with a lawyer to make sure your organization fully complies with GDPR.
The regulation includes various principles of data protection that must be implemented and privacy rights that must be addressed. It also empowers government-level data protection authorities to enforce GDPR with sanctions and fines. GDPR replaced the 1995 Data Protection Directive, which created country-by-country directives and data protection laws. The GDPR, passed in the European Parliament, unifies the requirements and creates an organized framework.
The UK GDPR (as an example) sets out seven key security, data protection and privacy principles:
Lawfulness, fairness and transparency
Integrity and confidentiality (security)
These principles should guide your organization when processing client and employee personal data.
The following is a non-exhaustive list of questions that will assist you in advancing GDPR compliance within your organization.