GDPR Compliance
The General Data Protection Regulation (GDPR) is an EU regulation which will apply across the European Economic Area (EEA) from 25 May 2018. Organizations must comply with the regulation and be able to demonstrate their compliance with it.
Among the many changes and updates which organizations must implement are the requirements to keep records of processing activities, to contract with third-party processors using the terms set out in the regulation, to provide enhanced information notices to those whose data they process, and to respond to individuals’ requests for information relating to processing without undue delay and at the latest within a month.
Penalties for failure to comply with the regulation are substantial, with fines of up to 4 per cent of global turnover or €20 million, whichever is greater. The sanctions that may result from non-compliance with the GDPR underline the importance of preparing your organization for GDPR compliance.
GDPR Data Map
To comply with the GDPR and demonstrate compliance, organizations need to understand how they deal with personal data. In particular, they need to understand and record the categories of personal data they collect, from whom they collect it, where it is stored, how they process it, and how long they keep it. Epiq’s GDPR data map allows organizations and their advisors to assess and document their compliance and identify unforeseen or unintended uses of personal data.
Data Remediation
There has been a huge increase in the amount of data which organizations create and store. However, retaining data without assessing the value of that data can increase the risk of breaching GDPR.
Epiq uses a range of best-in-class tools and technologies to help clients audit, cleanse, monitor, index, and assess their data, enabling them to retain business-critical information while establishing efficient and effective data governance processes to minimize the data they hold.
Subject Access Requests
GDPR reduces the response time for subject access requests (SARs) and the cost to individuals of making them. This is likely to increase the number of SARs organizations need to deal with. Organizations will need to acquire the technical and operational capability to find every place that employee records could exist across global organizations, in multiple geographies, and with employees using different communication tools.
Epiq helps organizations implement repeatable, scalable, and cost-effective processes for responding to these requests. We help you to search, identify, retrieve, redact (where necessary), and export data from your systems in an efficient and defensible manner.
Data Protection Impact Assessment
GDPR requires controllers to undertake data protection impact assessments when an organization’s processing of personal data is likely to result in a high risk to the rights and freedoms of individuals. Epiq helps organizations audit relevant data processing activities and produce an assessment report.
Contact Epiq today to learn more about our GDPR Compliance capabilities.