GDPR may seem like yet another complex regulation. But in the wake of multiple data breaches, it represents a step forward towards greater accountability and enforcement. Read this report to learn about the trends, critical focus areas, and predictions for GDPR compliance in 2018.
GDPR gives data subjects in the EU several rights, including the right to rectification, the right to erasure (the "right to be forgotten"), the right to restrict processing, and the right to object. As a growing number of individuals begin to exercise these rights, organizations and government agencies, as well as data protection authorities, will find themselves largely unprepared for the volume of complaints and requests that come their way. To prepare, data controllers would do well to ensure that their own organizations, and those of their third parties, implement effective case management processes that can log, track, and close each request within the statutory deadline. Similarly, data protection authorities should assess their complaint management systems and processes to ensure that they can handle large surges.
By mid-2019, the first €1 million or greater penalty under GDPR will be levied. Usually, a new regulation comes with a period of adjustment in which regulators decide on their enforcement priorities. With GDPR, however, data protection authorities are in a very public spotlight. Their response to the first few data breaches will set the precedent for future enforcement, especially if those breaches are reported late. Compared to the US, Europe has historically reported fewer data breaches, but that could change with GDPR's requirement that controllers notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it, where feasible, and that processors notify the controller without undue delay. For data controllers and processors, the best defense is a data protection program that is well planned and documented, well tested, and audit-ready, including a breach response procedure that can be exercised against the 72-hour clock before a real incident occurs.