
GDPR Compliance - Does Your Organization Need to Follow These Rules?

Posted by Ben Fraley on July 11, 2018 at 2:00 PM


If you have used the internet this summer, you have almost certainly seen a wave of "We've updated our privacy policy" notices from websites and online services. Those notices are a response to a new European data protection regulation, and your organization may need to comply with it as well.

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation that protects the personal data and privacy of individuals in the EU. It was adopted in 2016 and became enforceable on May 25, 2018, which is why the privacy policy notices appeared when they did.

Does my organization need to follow the GDPR?

The GDPR protects individuals located in the EU, not only EU citizens, and it applies regardless of where your organization is based. If your organization has an establishment in the EU, offers goods or services to people in the EU, or monitors the behavior of people in the EU (for example through website analytics or advertising tracking), you need to comply with its data protection requirements. An organization that sells online or runs an e-commerce website can fall under these rules without realizing it, simply by accepting orders or visitors from the EU.

What forms of personal data are protected?

If your organization collects personally identifiable information such as names, addresses, identification numbers, or online identifiers, the GDPR requires you to protect that data with security measures that are appropriate to the risk. Some categories receive extra protection under the regulation: biometric data, health information, racial or ethnic origin, political opinions, religious beliefs, and similar "special categories" of data can only be processed under narrow conditions and call for stronger safeguards.

What does my organization need to do to get in compliance?

The GDPR does not prescribe a fixed checklist of security controls. Instead, it requires "appropriate technical and organisational measures" that take into account the risk to the people whose data you hold, and it names examples such as pseudonymization and encryption, the ability to restore availability after an incident, and regular testing of the measures you have in place. Because "appropriate" is judged against your specific risk, compliance in practice means performing a risk assessment of the personal data you collect and how it is processed, implementing and documenting controls that match that risk, and being able to demonstrate those steps to a regulator. The regulation also requires that most personal data breaches be reported to the supervisory authority within 72 hours of becoming aware of them, so an incident response process that can detect and report a breach quickly is part of being compliant.

If your organization needs to become compliant with the GDPR, contact Integrity today for a risk assessment!


Topics: Security, data breach