GDPR compliance

GDPR compliance

GDPR tips and information with Spanish Point

From May 25th 2018, a new European privacy law called the General Data Protection Regulation (GDPR) takes effect. The GDPR expands the privacy rights granted to EU individuals, and it places many new obligations on organisations that market to, track or handle EU personal data, no matter where an organisation is located.


What is GDPR?

A new comprehensive data protection law in the EU that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.


What does the GDPR regulate?

The GDPR regulates the “processing,” which includes the collection, storage, transfer or use, of personal data about EU individuals. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).


Key GDPR Changes

Enhanced Personal Privacy

Strengthened data protection for individuals within the European Union (EU) by ensuring they have the right: to have access to data, to correct inaccuracies, to erase data, to object to processing of their information, and to move their data


Increased duty for protecting data

Reinforced accountability of companies and public organizations that process Personal Data, providing increased clarity of responsibility in ensuring compliance


Mandatory breach reporting

Companies are required to report data breaches to their supervisory authorities without undue delay, and generally no later than 72 hours


Significant penalties

Steep sanctions, including substantial fines that are applicable whether an organization has intentionally or inadvertently failed to comply


How you can get started with GDPR compliance

Given how much work may be involved in preparing, you should not wait until they begin enforcing the regulations in May 2018. You need to begin reviewing your privacy and data governance policies and procedures now. Many organizations take this opportunity to review data strategy and modernize infrastructure. We recommend you begin your journey to compliance with the GDPR by focusing on four key steps:


  1. Discover

Identify what personal data you have and where it resides


  1. Manage

Govern how personal data is used and accessed


  1. Protect

Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches


  1. Report

Keep required documentation, manage data requests and breach notifications


Click here to see how Dynamics 365 can be implemented to help you comply with the GDPR.