Is Your Organization GDPR Compliant? Use a Checklist
The General Data Protection Regulation places a significant burden on organizations around the world and penalties are harsh. But the rules are clear and embracing them represents a brand-building opportunity.
In May 2018, the European Union enacted sweeping new digital privacy legislation known as the General Data Protection Regulation (GDPR). GDPR may be a European law, but since it affects anyone collecting and using EU citizen data – from large corporations down to many small, independent businesses – it almost has the effect of global law.
Specifically, the GDPR applies to:
…organizations located within the EU [and] organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
The penalties for noncompliance are breathtaking. As the official GDPR site explains, organizations committing the most egregious sins (for example, “not having sufficient customer consent to process data or violating the core of Privacy by Design concepts”) can be fined up to 4% of their annual global revenues. (One large company currently faces a $230M fine for weak security related to a major breach.) Lesser penalties apply for things like faulty record-keeping or failure to notify authorities in the event of a breach. The rules pertain to both “controllers” and “processors,” so having your operation in the cloud isn’t a defense.
What are the GDPR compliance requirements?
GDPR has significantly increased the compliance burden for many companies around the globe. The good news is that the specific details are very clearly spelled out, meaning there’s no real excuse for any business to run afoul of the law.
Most major organizations are already fully compliant with GDPR. However, some may just now be launching into European markets, and others may have failed to get ahead of the regulations soon enough and now find themselves in potential jeopardy.
For these businesses (as well as anyone wanting a refresher), there are some very helpful resources available.
The EU’s GDPR Checklist outlines the four compliance categories: Lawful Basis and Transparency; Data Security; Accountability and Governance; and Privacy Rights.
The site offers more on the principles underlying each requirement and is a must-bookmark for all executives and managers employed by organizations with customers and readers in Europe.
GDPR: an opportunity to strengthen your brand
Let’s add one final item to the checklist: respect GDPR and embrace the opportunity it represents.
Some businesses (especially in the US) resent GDPR because it restrains their ability to operate as freely as they’d like. While this attitude may be understandable, it’s potentially counterproductive. The law resulted from a broad public perception that businesses can’t be trusted – and sadly, there have been instances where organizations failed to behave ethically.
These companies represent a small minority. Despite the headaches, GDPR represents an opportunity for ethical organizations to improve their relationships in the marketplace and, in doing so, help repair the damage bad actors have done in the public eye.
Why? Because citizens upset at cavalier data privacy uses are likely to appreciate companies that take their concerns seriously.
Privacy regulations like GDPR are a reality of the future business landscape (the California Consumer Privacy Act becomes law on January 1, 2020, with penalty enforcement to take effect next summer, and there’s every reason to expect more legislation like it will follow in the coming years). Organizations that embrace the trend and make consumer privacy part of their strategic mission are not only avoiding sanctions; they’re building their brands – and are perceived as more trustworthy in the market.