The General Data Protection Regulation (GDPR) is a landmark new privacy law that will enter into force on May 25th 2018.
It replaces the Data Protection Directive 95/46/EC and is designed to give greater protection and rights to EU citizens and to redefine the way organizations are approaching data privacy.
It regulates the processing of personal identity information, including the collection, storage, use, and transfer of personal data about EU citizens.
Under the GDPR, the EU defines “personal data” broadly, without providing a finite list of personal data types. The law therefore covers any information relating to an identified or identifiable EU citizen:
The GDPR states that any organization that processes personally identifiable information of EU citizens needs to comply with the GDPR, regardless of where it is located or where it has an office.
It classifies these entities as either data controllers or data processors:
Potential fines for GDPR non-compliance are severe, amounting to up to €20.000.000 or 4% of global annual turnover, whichever is greater.
Another negative impact you may face if you fail to comply with the GDPR is reputational: you risk losing the trust of your employees, business partners, customers, and other entities whose personal data you are handling.
Organizations have to map out all personal data flows and understand what is being processed, by whom, and for what purposes, both within their organization and by the third parties they do business with.
AppsCo tracks where personally identifiable information is going by using a universal directory, provisioning, and application-assigned workflows. Moreover, AppsCo gives you the control and assurance that your pre-defined company policies are being enforced, eliminating any security loopholes within your organizational ecosystem.
Organizations have to accommodate and execute, in a timely manner, data subjects’ rights:
AppsCo requires active consent from the data subject each time a new application is shared with them through the AppsCo central dashboard. This provides a detailed explanation of which app is trying to gain access to which personal data and to what end it will use it. AppsCo pulls this information together, makes it easily accessible to each user at any time, and enables exporting in a standardized format.
Companies are required to provide IT and security teams with actionable information and meet the 72-hour breach notification requirement.
AppsCo provides detailed reporting, a password scoring system, and an audit log that together uncover any abnormal activities in a timely manner and raise security alerts. By centralizing all data work in one place, data governance and potential audits are made easy.