2017

The General Data Protection Regulation (GDPR) not only redefines the scope of European Union (EU) data, but it also forces organizations worldwide to ensure compliance.

Effective in May, the GDPR adds another level of intricacy to the issue of critical information asset management and aims to establish the same data protection level for all EU residents. Government-appointed bodies have been established in most counties that have powers to inspect, enforce and penalize the processing of personal data.

It is advisable for organizations to complete GDPR regulations before the deadline in order to allow time for requesting and responding to third-party assurances.

The European General Data Protection Regulation (GDPR) will go into effect in May 2018 and while global organizations are required to demonstrate compliance of their security and privacy practices, it goes beyond just the internal organization: the GDPR also extends to the third-party vendors of GDPR-applicable companies.


While you are working diligently to help ensure your own organization is compliant with GDPR, your organization is explicitly responsible for the readiness and conduct of the third parties that store or process your EU citizen 's personal information.

We see that there are three priorities for third-party management: understanding the different roles defined in GDPR, key contract elements to consider for GDPR processors, and assessing the applicable processors for compliance.

The German Ministry of Interior Affairs has published an English translation of the new Federal Data Protection Act (BDSG), which will provide for the European Union General Data Protection Regulation (GDPR).
 
The new BDSG replaces a 40-year-old national predecessor and is the first step toward adapting national German member State law to the provisions of the GDPR. Effective in May 2018, the changes include specific processing situations, data protection officers, video surveillance, documentation, and aggravated compliance controls, among other key highlights.
 
It will be important for companies to determine how the changes may affect their specific business model and data processing.