General Data Protection Regulation

What you need to know and how to prepare for the GDPR

AppsCo is your partner in GDPR compliance

What is the GDPR?

The General Data Protection Regulation (GDPR) is a landmark EU privacy law. It entered into force on 24 May 2016 and applies from 25 May 2018.

It replaces the Data Protection Directive 95/46/EC and is designed to give greater protection and rights to individuals in the EU and to change the way organizations approach data privacy.

What does the GDPR regulate?

It regulates the processing of personal data, which includes the collection, storage, use, and transfer of personal data about individuals in the EU.

Under the GDPR, “personal data” is defined broadly and without a finite list of data types: it is any information relating to an identified or identifiable natural person. In practice this covers:

  • Direct identifiers, such as names, email addresses and employee ID numbers
  • Information that can be traced back to a specific person when combined with other data, such as IP addresses, device identifiers or location data

Who does the GDPR apply to?

The GDPR applies to any organization that processes the personal data of individuals in the EU, whether or not it is established or has an office in the EU. Organizations outside the EU are covered when they offer goods or services to people in the EU or monitor their behaviour there (Article 3).

It classifies these entities as either data controllers or data processors:

  • A data controller determines the purposes and means of the processing: which data to collect and what it is used for
  • A data processor processes personal data on behalf of, and on the documented instructions of, the controller, for example to collect, store, retrieve, or delete it

How does the GDPR impact you?

Administrative fines for GDPR non-compliance are severe: for the most serious infringements they reach up to €20.000.000 or 4% of worldwide annual turnover for the preceding financial year, whichever is greater.

Non-compliance also carries reputational damage: you risk the trust of your employees, business partners, customers, and everyone else whose personal data you handle.

AppsCo proactively responds to the main GDPR pillars

Data Storage

Organizations have to map out all personal data flows and understand what is being processed, by whom and for what purposes, within their organization but also by the third-parties they are doing business with.

AppsCo tracks where personal data is going through its universal directory, provisioning, and application-assignment workflows. It also gives you control and assurance that your pre-defined company policies are enforced, closing gaps in who can reach which application across your organizational ecosystem.

Data Subjects’ Requests

Organizations have to accommodate and execute data subjects’ rights, normally within one month of receiving a request (Article 12):

  • the right to erasure (“right to be forgotten”), subject to the conditions in Article 17
  • the right to data portability: a copy of their personal data in a structured, commonly used, machine-readable format (Article 20)
  • the right of access: confirmation of what data is being processed, where, and for what purposes (Article 15)

AppsCo requires active consent from the data subject each time a new application is shared with them through the AppsCo central dashboard, with a detailed explanation of which app is requesting access to which personal data and for what purpose. AppsCo pulls this information together, makes it accessible to each user at any time, and lets them export it in a standardized format. Consent is only one of the lawful bases under Article 6; where an app’s processing rests on a different basis, the record of what is processed and why still has to be kept.
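The consent register, access, portability export and erasure described in this section, as an added Python illustration that is not AppsCo's code: the register layout, the field names, the 30-day approximation of the one-month response window and the sample records are all assumptions made for the example.

```python
"""Data-subject-rights handler over a per-app consent register.

Added illustration, not AppsCo's code: the register layout, field names and
sample entries are assumptions. It models the three rights listed above:
access (Art. 15), portability (Art. 20) and erasure (Art. 17).
"""
import hashlib
import json
from dataclasses import asdict, dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


@dataclass
class ConsentRecord:
    """One consent decision: which app may use which data, and why."""
    app: str
    data_categories: List[str]
    purpose: str
    granted_at: str                    # ISO 8601, UTC
    withdrawn_at: Optional[str] = None


@dataclass
class Subject:
    subject_id: str
    profile: Dict[str, str] = field(default_factory=dict)
    consents: List[ConsentRecord] = field(default_factory=list)


class SubjectRightsService:
    """In-memory register (constructed for the example) that answers requests."""

    # Art. 12(3): respond within one month of receipt; approximated as 30 days.
    RESPONSE_WINDOW = timedelta(days=30)

    def __init__(self) -> None:
        self._subjects: Dict[str, Subject] = {}
        self.erasure_log: List[dict] = []   # evidence of erasure, without the data

    def register_subject(self, subject_id: str, profile: Dict[str, str]) -> None:
        self._subjects[subject_id] = Subject(subject_id, dict(profile))

    def record_consent(self, subject_id: str, app: str, categories: List[str],
                       purpose: str, when: datetime) -> None:
        self._subjects[subject_id].consents.append(
            ConsentRecord(app, list(categories), purpose, when.isoformat()))

    def withdraw_consent(self, subject_id: str, app: str, when: datetime) -> int:
        """Mark every active consent for `app` as withdrawn; return the count."""
        n = 0
        for c in self._subjects[subject_id].consents:
            if c.app == app and c.withdrawn_at is None:
                c.withdrawn_at = when.isoformat()
                n += 1
        return n

    def access(self, subject_id: str) -> List[dict]:
        """Right of access: what is processed, by which app, for what purpose."""
        subj = self._subjects.get(subject_id)
        if subj is None:
            return []                      # erased or unknown: nothing to disclose
        return [{"app": c.app, "data": sorted(c.data_categories),
                 "purpose": c.purpose, "active": c.withdrawn_at is None}
                for c in subj.consents]

    def export_portable(self, subject_id: str) -> str:
        """Right to portability: a machine-readable (JSON) copy of everything held."""
        subj = self._subjects[subject_id]
        payload = {"subject_id": subj.subject_id, "profile": subj.profile,
                   "consents": [asdict(c) for c in subj.consents]}
        return json.dumps(payload, indent=2, sort_keys=True)

    def erase(self, subject_id: str, when: datetime) -> dict:
        """Right to erasure: drop the data, keep a hashed receipt for auditors."""
        subj = self._subjects.pop(subject_id)
        receipt = {"subject_hash": hashlib.sha256(subject_id.encode()).hexdigest(),
                   "apps_to_notify": sorted({c.app for c in subj.consents}),
                   "erased_at": when.isoformat()}
        self.erasure_log.append(receipt)
        return receipt

    def response_deadline(self, received: datetime) -> datetime:
        return received + self.RESPONSE_WINDOW


def walkthrough() -> dict:
    """Constructed sample: one employee, two apps, a withdrawal, then erasure."""
    svc = SubjectRightsService()
    t0 = datetime(2018, 5, 25, tzinfo=timezone.utc)
    svc.register_subject("emp-1042", {"email": "a.example@example.com"})
    svc.record_consent("emp-1042", "crm", ["email", "name"], "customer support", t0)
    svc.record_consent("emp-1042", "hr-portal", ["employee_id"], "payroll", t0)
    svc.withdraw_consent("emp-1042", "crm", t0 + timedelta(days=3))
    return {
        "access": svc.access("emp-1042"),
        "export": json.loads(svc.export_portable("emp-1042")),
        "deadline": svc.response_deadline(t0).isoformat(),
        "receipt": svc.erase("emp-1042", t0 + timedelta(days=7)),
        "after_erasure": svc.access("emp-1042"),
    }


if __name__ == "__main__":
    print(json.dumps(walkthrough(), indent=2))
```

The erasure receipt keeps only a hash of the subject identifier and the list of apps that must be told to delete their copies, so the audit trail proves the request was honoured without retaining the personal data it concerned. A withdrawn consent stays in the register as history rather than being deleted, which is what lets the access response show that the app is no longer authorized.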

Data Governance

Controllers are required to give IT and security teams actionable information and to notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals (Article 33); processors must notify the controller without undue delay.

AppsCo provides detailed reporting, a password scoring system and an audit log that together help surface abnormal activity in a timely manner and raise security alerts. By centralizing all data work in one place, data governance and potential audits are made easier.