For many organizations, building and operating a cutting-edge data protection program hasn’t been a top priority. The GDPR is ushering in a new era of accountability, in which every regulated organization that collects, stores and uses sensitive customer data needs to raise the bar to meet new standards.
Are you GDPR compliant?
Penalties for non-compliance can include fines of up to four percent of annual worldwide turnover, and instructions to cease processing.
Additionally, Europeans will soon be able to file class-action lawsuits for violations, instead of having to sue individually. This provides yet another incentive for companies to come to terms not only with the GDPR, but with data protection and privacy in general. Get it right, and you can enhance your brand reputation and resilience going forward. Get it wrong, and you are likely to end up in the financial—and legal—line of fire.
There are four important things companies subject to the directive should have in place by now, at a minimum:
- A Data Protection Officer
- Data protection register management
- Data processor and third-party risk management
- Incident response management and reporting
To successfully address data protection and privacy regulations and maintain a competitive advantage, organizations should carefully consider the critical components of every enterprise initiative: people, process and technology. The Sirius GDPR Readiness Assessment helps you determine the current state of the capabilities required for compliance, and identify, assign, and track open items all the way through to remediation. Contact your Sirius representative today to learn more.