Design and maintain a defensible, compliant General Data Protection Regulation (GDPR) strategy.
The GDPR, Europe’s data privacy and security regulation, is among the most stringent in the world, carrying hundreds of pages of requirements that apply to any organization processing personal data of people in the European Union (EU), wherever that organization is based.
The adoption of this regulation provides supervisory authorities with expanded powers of enforcement. This includes issuing warnings, auditing, requiring remediation, and suspending data transfers to other countries.
The regulation also empowers authorities to impose substantial administrative fines for non-compliance. Depending on severity, an organization can face a fine of up to 4% of its total worldwide annual turnover or €20 million, whichever is higher.
Large fines imposed in the past few years, such as Google (€50m, France), TIM (€27.8m, Italy), and Austrian Post (€18m, Austria), matter not only for their amounts but also as a signal that authorities are increasingly willing to penalize a very broad range of infringements, including something as basic as retaining personal data for longer than necessary.