GDPR Compliance
What is GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU).
The European Union's General Data Protection Regulation (GDPR), enacted in 2018, has effectively replaced the 1995 Data Protection Directive. It includes a number of key changes that address modern data-driven environments. To comply, organizations must develop specific processes governing internal records and data breach notifications; appoint a Data Protection Officer; allow individuals to access and control what personal data is collected and how it is used; and more. Under the GDPR's new territorial scope, the law applies to many organizations that sell goods or services within the EU, regardless of where their businesses are located.
The new GDPR requirements have created major concerns for data privacy professionals and others working in Governance, Risk, and Compliance (GRC). Organizations that fall under the GDPR must embed privacy-by-design concepts across the enterprise, including their product lifecycle, vendor management, and human resources. In addition to a number of other requirements under the new GDPR definition, individuals must be notified of personal data breaches within 72 hours. Failure to comply with GDPR requirements can result in fines of up to 4% of an organization's global annual revenue, or up to €20 million, whichever is greater.
Data protection and privacy-by-default concepts must be part of the launch of all data processing technologies and processes.
Effective and accessible reporting mechanisms should be in place so data breaches, big or small, can be reported and escalated immediately.
New GDPR requirements need to be operationalized throughout the organization with extensive and thorough policy and procedure updates and dissemination.
Employee risks should be identified, and training should be assigned to educate at-risk employees on their new responsibilities under the General Data Protection Regulation.
Make sure internal policy and procedure management capabilities allow you to align the entirety of your workplace with the broadened scope of new GDPR requirements.
Proactively manage individual requests, investigative case management, crisis management, regulatory reporting, and other obligations.
Implement multiple whistleblower incident reporting methods, including a compliance hotline, and deploy a comprehensive communications effort to inform employees of their role in identifying and reporting data breaches.
Create and roll out a multiyear training program that trains each employee group on the GDPR topics applicable to their roles and the data they manage.
Extend your privacy-by-design standards through your supply chain: obtain attestation to your policies and identify reporting channels for all vendors and contractors through effective third-party management and due diligence.