The General Data Protection Regulation (GDPR) is a European Union law that requires organizations to safeguard personal data and uphold the privacy rights of anyone located in the EU. Any organization that processes the personal data of people in the EU must comply, whether or not the organization itself is established in the EU. Personal data means any information relating to an identified or identifiable person, including names, email addresses, IP addresses, physical characteristics such as eye color, and political affiliation.
The regulation sets out seven principles of data protection that must be implemented and eight data-subject rights that must be facilitated. The first step towards compliance is a GDPR assessment that determines what personal data the organization controls or processes, where it is located, and how it is secured. Organizations must also meet the regulation's substantive requirements, such as establishing a lawful basis for processing (for example, valid consent) and honouring data-subject rights such as access, erasure and data portability. Depending on the nature and scale of their processing, they may also be required to appoint a Data Protection Officer.
The maximum administrative fine for non-compliance is €20 million or 4% of total worldwide annual turnover, whichever is higher. Supervisory (data protection) authorities can also impose other corrective measures, such as warnings, reprimands and temporary or permanent bans on processing.
Organizations can work towards compliance by streamlining the collection and analysis of assessment data, automating gap remediation and accessing real-time compliance scoring using CyGov's compliance management platform.
CyGov delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring against the GDPR requirements. CyGov has mapped GDPR to its control inventory, allowing evidence and assessment data to be shared across multiple frameworks through the platform, which saves time and money and produces more accurate data. Through the CyGov platform, organizations gain full visibility into their cyber risk levels and compliance posture.