The May 25 Deadline Is Coming. Are You Ready?
"The protection of natural persons in relation to the processing of personal data is a fundamental right."
General Data Protection Regulation, Council of the European Union, April 2016
The European Union’s General Data Protection Regulation (GDPR) will significantly impact people, processes, and technology in companies around the world — not just those based in Europe. Your organization is required to comply with GDPR as of May 25, 2018 if
- You offer goods or services to EU residents or companies,
- You have employees residing in the EU, or
- You monitor the behavior of EU residents.
The GDPR involves various established data practices, such as enterprise data management (EDM), master data management (MDM), consent management, data integration, and enterprise architecture — all areas in which Primitive Logic has successfully worked with clients for decades.
What Is the GDPR?
The EU enacted the GDPR to give its residents greater control over when, where, and how their personal data is used, and to hold companies accountable for managing personal data responsibly. The GDPR marks a significant shift from existing regulations on numerous counts, including the following:
- The definition of “data subject” now includes consumers/clients, employees, business partners, board members, joint venture partners, and vendors.
- The regulation applies to any organization that collects or manages personal data of EU residents, regardless of where the company is located.
- The GDPR confers specific rights on EU data subjects, including the right to restrict how their data is processed, the “right to be forgotten,” and several others.
- Organizations affected by GDPR are responsible for complying with new requirements, including reporting any data breaches affecting EU data subjects within 72 hours.
Why Is GDPR Compliance So Important?
If the GDPR applies to your organization and you fail to comply as of May 25, 2018, your organization could be subject to a fine of 20 million euros (about $23 million) or 4 percent of your total worldwide annual revenue, whichever is greater.
GDPR compliance will also be a key consideration if you are looking to do business with or to be acquired by a European organization. If a potential partner or acquirer asks whether your organization is GDPR compliant, they will want to see documentation to show what you've done and how close you are to complying.
How Primitive Logic Can Help
Primitive Logic has more than 30 years of experience implementing solutions for clients in the areas of data integration, enterprise architecture, enterprise data management (EDM), and master data management (MDM) — all vital components of GDPR compliance. Since 2017 we've been helping clients to prepare for GDPR by identifying gaps, developing and implementing plans for addressing them, and documenting the results.
We offer clients the benefit of our GDPR expertise through two services:
We design and implement a readiness plan to help ensure that, when May 25 enforcement day arrives, your company is as prepared as possible. Our team works side-by-side with your IT, compliance, legal, HR, and other departments to
- Identify the specific GDPR articles that apply to your organization
- Perform a data processing inventory of all applications that handle personal data of EU residents
- Assess gaps between each of your current data processes and the applicable GDPR requirements
- Build and execute a plan for filling each gap
- Document the results
GDPR Compliance Audit
If you've been working towards compliance and need an objective assessment of where you are today, Primitive Logic can help. We leverage our deep knowledge of GDPR and our data management expertise to evaluate the results of your efforts to date. We look at each of your data processes and perform a gap analysis detailing where you are now and where the GDPR requires you to be. Then we compile the results into a comprehensive report that
- Gives you an accurate snapshot of your current compliance status
- Describes what still needs to be done to achieve compliance
- Provides objective third-party documentation that can be shared with potential partners or acquirers
Primitive Logic helps you better understand how your organization is using personal data. Then we create and implement a strategic roadmap to GDPR compliance and document the results.
- Understand: We assess the current state to evaluate the current compliance posture across 3 areas: data processing, security, and policies.
- Plan: We build a remediation plan to address issues and gaps, and we partner with you to scope and build a roadmap of the required remediation activities.
- Act: We work to operationalize compliance by implementing GDPR programs/projects that address gaps in compliance.
- Document: We document the results of your compliance efforts, both for your own information and for potential business partners or acquirers.
Laying the Groundwork for GDPR Compliance
Primitive Logic helped this global engineering firm prepare its policies, procedures, and applications for compliance with the EU GDPR.
We Can Help
Let the Primitive Logic team help you achieve mindful digital transformation.