GDPR Compliance – Top 10 things to consider!

Are you in the process of creating a GDPR compliance framework for your business? It can be a tricky process, and there is a lot to take into consideration. Read our handy guide, which answers some of the most frequently asked questions.

    1. Have you considered a fractional or contracted DPO?

      Appointing a DPO can be a costly endeavor for organizations of any size. This exclusive role can be outsourced to qualified officers in the EU to manage all the requisite functions related to the DPO role, including queries, education, contractual support and communication directly to data subjects.

    2. How does GDPR/HIPAA/CCPA compliance give my organization a competitive edge?

      A well-structured compliance framework can deliver significant corporate advantages such as improved staff productivity, efficiency, decision-making, transparency and risk management, while securing the organization’s reputation and brand as data breaches and fines are minimized.

    3. Are your Privacy Shield agreements now invalid?

      Privacy Shield was invalidated on July 17, 2020. If your contractual framework was aligned with Privacy Shield and your data subjects may include EU citizens from 32 nations, your organization may be at risk.

    4. Did you know US companies are getting dinged?

      The GDPR “grace period” is officially over. Many US organizations have already been fined; Marriott’s fine was up to $123M. US organizations have been fined for data breaches, consent and transparency failures, unlawful processing and use of personal data, targeted advertising and data analysis.

    5. Have you fully assessed your exposure?

      A business process flow and data privacy assessment should be a precursor to your compliance and data privacy strategy. What data you collect and keep, how long and where it is stored, how it is secured and accessed, how it is distributed to partners, and whether those partners are themselves compliant should all be reviewed, ratified and monitored.

    6. Have you designated a DPO in your organization?

      A senior-level Data Protection Officer (DPO), reporting directly to the CEO in an exclusive and non-commercial capacity, should manage communications with data subjects, drive education and training, and drive contractual and compliance initiatives.

    7. Are your employees, including marketing teams, trained on GDPR/CCPA/HIPAA best practices?

      Seemingly innocuous activities such as lead generation, tradeshows, e-marketing and collecting web-related cookie information on data subjects can involve protected data of EU data subjects. GDPR/HIPAA/CCPA training, education and compliant processes must be enforced even at this level of customer interaction.

    8. How are HIPAA/HITECH, ISO, 21CFR, CCPA and GDPR related?

      While each compliance and regulatory body may have specific focal points on data protection and privacy, formulating a well-structured corporate GDPR compliance framework can help the organization deliver the compliance benefits without becoming overburdened.

    9. Is your data related to EU citizens stored in European data centers?

      The technology, processes and qualified people used to adequately de-identify data and metadata, and to manage the storage and purging of data (including the storage of approved personal data), should be located within the European Union, not in on-premises or US-based cloud storage.

    10. Is Compliance an integral part of your Cybersecurity strategy?

      Cybersecurity technology without the appropriate rigor of a compliance framework, including validated processes, training, monitoring and management, is equivalent to a toothless tiger. Keeping your cybersecurity program updated, managing access, providing education and adopting administrative protocols can mitigate risks related to attacks and breaches.

If you would like to know more about GDPR24 and how your organisation can benefit from outsourcing to an experienced data protection officer to manage your compliance, please get in touch with the team.