The European Union (EU) General Data Protection Regulation (GDPR) is one of the most significant changes in data privacy regulation and it goes into effect worldwide on May 25, 2018.
GDPR applies to any business or organization that handles or processes EU citizen personal data, regardless of where that business or organization is located in the world. GDPR requires that those organizations have the proper security and data protection in place to protect that data.
CyberGRX is here to help identify any gaps in your third-party program that could put you at risk of non-compliance.
According to the European Union GDPR regulatory website, personal data is defined as:
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
How GDPR Affects You
Outsourcing data to a third party or vendor does not relieve you of your duty to protect it, according to GDPR. In fact, organizations that outsource data processing to a third party, such as a vendor, contractor, partner or customer, remain responsible for the security of that data. Failure to do so can result in GDPR noncompliance, with penalties that include fines up to 4% of annual global turnover or €20 million, whichever is greater.
The CyberGRX GDPR readiness program was designed to help you determine whether you and your third parties are compliant by identifying any potential gaps and arming you with a prioritized mitigation strategy.
1. Identify which of your third parties need to be GDPR compliant
Our customer success and services team can help you survey your digital ecosystem to identify which of your third parties may need to be GDPR compliant.
2. Assess the controls your third parties have in place to determine if there are any gaps
CyberGRX risk analysis now includes GDPR readiness questions around controller and processor requirements that will help organizations identify and confirm whether they have the proper GDPR controls and security strategy in place. These questions cover the following areas:
Privacy By Design | Data Minimization & Monitoring | Integrity & Accountability | Fairness & Accountability
3. Develop a prioritized plan to address identified gaps and work with your third parties to mitigate them
Our advanced analytics, dynamic stream of risk data and customer success team will help identify and prioritize any gaps, so you can create a strategy with your third parties.