GDPR
General Data Protection Regulation
What you need to know
GDPR is a comprehensive data privacy law designed to give EU citizens greater control over their personal data, as well as to standardize data protection laws across the EU member states.
GDPR requires organizations to obtain explicit consent from individuals before collecting or processing their personal data, and to provide individuals with certain rights with respect to their data, such as the right to access, correct, and delete their personal information.
GDPR increases accountability for data breaches and imposes strict penalties for non-compliance, which can include fines of up to EUR 20 million (USD $22 million) or 4% of a company's global annual revenue, whichever is higher. Learn more about GDPR penalties
GDPR requires organizations to properly protect personal data by implementing technical and organizational measures, including “pseudonymization and encryption” (Article 32)?
GDPR applies not only to organizations based in the EU, but also to organizations that process personal information of individuals located there(Article 3)?
GDPR mandates that organizations must notify the supervisory authority and affected individuals of a data breach within 72 hours? However, if personal data is encrypted or tokenized, and the encryption key is not compromised, then the data is considered unreadable and the breach notification requirement may not apply(Article 34).
GDPR prohibits the transfer of personal data outside the EU unless there are appropriate measures in place to protect encryption keys and ensure the security of personal data(Article 45)?
GDPR grants several rights to data subjects, such as the right to access, rectify, and erase their personal data (Articles 15 to 17)?
Key Benefits of comforte’s GDPR Compliance Services
The comforte Data Security Platform provides data discovery, classification and protection capabilities to help you:
FAQs on GDPR Compliance Services
What is GDPR?
GDPR (General Data Protection Regulation) is a comprehensive data protection and privacy regulation implemented by the European Union (EU) to safeguard the personal data and privacy of EU residents.
Who does GDPR apply to?
GDPR applies to companies or entities that process personal data through their EU-based branches, regardless of the location where the data processing occurs. This means that both EU-based organizations and non-EU organizations that process personal data of individuals residing in the EU fall under the scope of GDPR.
Why comply with GDPR?
Organizations should comply with GDPR to avoid steep fines, meet legal requirements, protect individual rights, enhance data security, build trust and reputation, gain a competitive advantage, and align with global data protection standards. Moreover, non-compliance with GDPR includes fines of up to EUR 20 million (USD $22 million) or 4% of a company's global annual revenue, whichever is higher.
How to get GDPR compliant?
To achieve GDPR compliance, organizations should assess their applicability, conduct a comprehensive data inventory, update privacy policies, manage consent effectively, implement robust data protection measures, establish processes for data subject rights, develop procedures for handling data breaches, ensure proper data processing agreements, incorporate privacy by design, train employees, and conduct regular compliance assessments. Data centric security can help with compliance by safeguarding the data itself rather than solely relying on perimeter defenses. It entails implementing security measures and controls directly at the data level to ensure protection, regardless of its location or the systems and networks it traverses.
What data is protected under GDPR?
GDPR protects various types of personal data, including basic identifying information (e.g., name, address), sensitive data (e.g., health, religion), online identifiers (e.g., IP addresses, cookies), and even biometric and genetic data, which are considered special categories of data under the regulation.
Next steps
GDPR is vitally important to be compliant with. If you would like to learn more about our GDPR compliance services, please feel free to get in touch with our experts who would be happy to discuss solutions.
Contact us