What is GDPR?

What you need to know about GDPR

GDPR stands for General Data Protection Regulation and is one of the toughest privacy laws in the world. Although GDPR originated as law in the European Union, it affects organizations all over the world. If your company targets or collects data from people within the EU, GDPR imposes obligations on your organization.

How does it affect your organization?

If your organization collects or targets personal data related to an individual, whether directly or indirectly, then the GDPR applies to your organization, even if you are outside of the EU.

What exactly is personal data?

Personal data is any form of information that can be used to directly or indirectly identify a certain individual. Popular examples of personal data are names, email addresses or location details. However, other types of personal data are often overlooked, such as ethnicity, gender, personal identification numbers, religious beliefs or even your website cookies.

What if you violate GDPR?

The lack of tools and the amount of work have often led to organizations not having a calculated GDPR strategy. However, not complying with GDPR can be very costly. Fines for violating GDPR may be as much as 4% of your global revenue, plus the additional cost of compensation to the individual(s) in question.

How we can help you with your GDPR strategy

As an organization you have to be able to show that you are GDPR compliant, and if you cannot show it, you are considered not compliant. Automated-Now can help you:

  • Maintain an overview of the different types of personal information that you are collecting, how and where they are stored, and which employees are responsible for them.
  • Find out what Personally Identifiable Information (PII) you have stored for a certain individual in your organization and generate a report.
  • Detect unregistered PII. Find out if you have PII stored in any locations where it should not be stored.
  • Maintain an overview of, and collect, the authorization (or consent) of individuals within your organization to store or use their personal data, and store documentary evidence of that consent.