The Lockdown

Thycotic’s Cyber Security Blog

EU GDPR Compliance Checklist: Are You Prepared?

Written by Joseph Carson

March 6th, 2018

As the deadline for compliance with the EU General Data Protection Regulation (EU GDPR), 25 May 2018, rapidly approaches, some security companies are offering ‘silver bullets’ that claim to solve anything and everything to do with the new requirements.

“Step right up folks, all you need to do is install this one box and your problems are solved.”

If only compliance was that simple.

The new regulation has been in progress for several years and replaces the European Data Protection Directive of 1995 (Directive 95/46/EC). As a regulation rather than a directive, it applies directly in every EU member state and so builds a consistent foundation across the EU for the protection of personal data. It establishes requirements that prioritize privacy and security for individuals in the EU and represents a big change to how governments and companies collect and process Personally Identifiable Information (PII), which the regulation calls personal data.

If you deal with PII of people in the EU, EU GDPR applies to you

EU GDPR is not bound by international borders. If your organization processes the PII of individuals in the EU (data subjects, regardless of their citizenship), you are obliged to comply. This includes services hosted outside of the EU that offer goods or services to, or monitor the behaviour of, people in the EU. And what if you are NOT based in the EU? It makes no difference: if you deal with PII of people in the EU, EU GDPR applies to you.

If adequate security measures are not in place at the time of a data breach, you could incur significant penalties and fines: up to 20 million euros or 4% of annual worldwide turnover, whichever is higher.

If GDPR compliance sounds overwhelming to you, I can assure you you’re not alone. To assist you with the task of becoming compliant I’ve provided a quick GDPR checklist, and you can download a more detailed version too.

THE QUICK EU GDPR CHECKLIST

  1. Are you collecting or processing EU Citizens Data?
  2. Are you obtaining and recording Consent?
  3. Have you performed a Data Protection Impact Assessment (DPIA)?
  4. Have you secured access to PII?
  5. Have you implemented Privacy by Design?
  6. Are you prepared to respond to complaints?
  7. Do you require a Data Protection Officer?
  8. Have you implemented an Incident Response Plan?

EU GDPR is the first of many changes to data protection regulations and compliance mandates. We can expect that controls will become more stringent and fines will rise. The steps you take now to comply with EU GDPR will make it easier to adjust to new regulations as they are released. Waiting will put you even further behind and it will be more expensive and time consuming to catch up.

Of course, no one wants to be the poster child for noncompliance.  No one wants to pay fines or be used as an example. More importantly, no one wants to expose their organization, customers or employees to the damage caused by a data breach.

Download a detailed version of the EU GDPR Checklist, then watch the EU GDPR Webinar here.


Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.