Today, May 4, 2016, the General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union. This means you now have until May 25, 2018 to ensure your data processing activities comply with the newly adopted GDPR requirements.
Are you ready?
The Regulation will have a considerable impact not only on all organisations based in the European Union that process personal data, but also on organisations based outside of Europe that provide services to the European market.
It makes sense to carry out a snapshot assessment of the impact of the Regulation on your organisation, so that you can take steps to identify and implement any necessary changes.
Any assessment ought to be tailored to your specific operational needs, but is likely to focus on such key issues as fair processing, privacy notices, information governance structures, privacy impact assessments, appointment of a DPO, data breach response procedures for the much broader range of personal information subject to the GDPR rule, and vendor risk management.