The GDPR will replace the older EU Data Protection Directive and takes effect in May 2018. GDPR stands for the European Union General Data Protection Regulation. There are currently 28 different sets of data protection laws across the European Union. The GDPR will replace these with a pan-European regulatory framework. As a Regulation, it is directly effective in all member states without the need for further national legislation.
The GDPR applies to all EU organizations, whether commercial business or public authority, that collect, store or process the personal data of EU individuals. Organizations based outside the EU that monitor, or offer goods and services to, individuals in the EU will have to observe the new European rules and adhere to the same level of protection of personal data. The Regulation also requires such organizations, both controllers and processors, to appoint an EU representative based in one of the member states in which the relevant individuals are based. This requirement does not apply where the processing is occasional and does not include large-scale processing of special categories of data or processing of data relating to criminal convictions and offences.
Brexit effect: UK organizations handling personal data still need to comply with the GDPR, regardless of Brexit. The government has confirmed that the GDPR will apply in the UK.
The GDPR allows DPAs to fine companies up to 4% of their international revenue or €20 million, whichever is greater.
The GDPR encourages the adoption of certification schemes to demonstrate compliance. Compliance with the international information security standard ISO 27001 can help organizations demonstrate that they meet the data security requirements of the GDPR. Implementing ISO 27001 and adapting it for the GDPR involves building a holistic framework of processes, people and technologies to secure information.
We provide an end-to-end process for SSAE 16, SOC 1 and AT 101 engagements. With data moving into the Cloud and the increased use of Big Data, Cloud security and privacy concerns are on the rise. We conduct integrated cyber security engagements together with privacy engagements. The AICPA has developed the SOC reporting framework for privacy, which can help organizations ascertain their level of maturity for privacy. More stringent regulations such as HIPAA and the EU GDPR, and the enforcement of these privacy requirements, are causing nightmares for organizations.
Some of the advantages of working with us are:
Download our SSAE 16 Services
Download our SOC 2 for Cloud Services
Download our SOC 2 for HITRUST/HIPAA Services
Download our GDPR Readiness Services