New FAQ guide answers critical questions about compliance with new EU data regulation
Menlo Park, CA – July 26, 2018 – For companies on the journey to compliance with the European Union’s ground-breaking new General Data Protection Regulation (GDPR), global consulting firm Protiviti has teamed up with Robert Half and Baker McKenzie LLP to provide a GDPR resource of frequently asked questions. Titled “Understanding the General Data Protection Regulation,” the GDPR guide has been developed to help businesses navigate the challenging and wide-ranging mandate. The complimentary guide takes a deep dive into GDPR requirements and details specific components of the regulation to assist companies in understanding the processes needed to achieve – and maintain – compliance.
“The GDPR represents the most significant change in data regulation in 20 years. Fines for GDPR noncompliance can reach four percent of a company’s global revenues, so it’s critical that companies know how to operate under this new regulation,” said Kurt Underwood, a Protiviti managing director and global leader of the firm’s technology consulting practice. “Our guide serves as a practical resource for people from the boardroom to the IT department to understand and help their organization comply with the GDPR’s complex requirements.”
The GDPR was issued by the European Commission, the European Parliament and the Council of Ministers of the European Union (EU) to supersede the Data Protection Directive adopted on October 24, 1995. Effective as of May 25, 2018, the purpose of the GDPR is to strengthen and unify data protection for individuals residing in the EU by regulating the processing of personal data for citizens, residents and anyone inside the EU, either electronically or as part of a paper filing system. The regulation affects any and all organizations doing business within the EU or the European Economic Area, no matter where they are based.
“Any business handling personal data of individuals in the European Union or the European Economic Area in the EU must now take greater care when acquiring, sharing and using this information. Many organizations are still unprepared to comply with the GDPR,” stated Joel Wuesthoff, a managing director for Robert Half Legal’s consulting solutions practice. “In addition to formalizing their internal and external facing privacy policies and practices, it’s also imperative that they put suitable third-party contracts and processes in place reflecting the provisions of GDPR Article 28.”
The guide’s development was prompted by the numerous questions global clients of Baker McKenzie, Protiviti and Robert Half have been posing about this extensive, complex and nuanced regulation. Questions in the guide range from “What is ‘personal data’ as defined under GDPR?” to “What are considered appropriate safeguards?” The guide answers these and more than 70 other questions covering subjects including data privacy rights; cross-border data transfers; liabilities and penalties; and responsibilities of a data protection officer.
At its core, the GDPR poses new broad-based data protection principles, which are outlined in the guide as:
- Lawfulness, fairness and transparency - data is processed lawfully, fairly and in a transparent manner in relation to the data subject
- Purpose limitation - data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Data minimization - data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
- Accuracy - data that is inaccurate must be erased or rectified without delay
- Storage/retention limitation - data that permits identifiability may be kept for no longer than necessary for the purposes for which the personal data is being processed
- Integrity and confidentiality - data is processed in a manner that ensures appropriate security
The guide also outlines the cornerstones in the process of becoming GDPR compliant. They are:
- Awareness: Chief security officers, IT managers, CEOs, business unit managers, etc., must be informed of GDPR’s wide-ranging legal implications and should translate them into plain, simple measures that the organization applies to comply with this regulation
- Disciplined Execution: A GDPR compliance strategy is worth very little without disciplined execution. Knowing which data security and management solutions must be selected and implemented to ensure compliance and security is not as easy as it would seem. Numerous factors weigh in, and the human factor is the most complex
“Non-compliant organizations should have started adjusting their internal processes, if they haven’t already, so that any obstacles encountered can be resolved before penalties and reputational repercussions are incurred,” said Jeff Sanchez, a Protiviti managing director in the firm’s security and privacy group and leader of its GDPR solution offering. “Using our guide as a blueprint to comply with the GDPR can give companies a boost in reviewing their practices and analyzing where changes may be required for their data protection programs to come closer to compliance.”
Harry Small, a senior partner in Baker McKenzie's information technology and communications practice, said, “Keeping on top of data can be challenging, especially when businesses are evolving the services they offer. The GDPR isn't a one-size-fits-all system so complying with it requires organization-wide awareness and the ability to take the appropriate measures to monitor and control compliance.”
The GDPR FAQ guide is available at no cost at www.protiviti.com/GDPR. Protiviti has also produced a podcast series about GDPR compliance, featuring interviews with Sanchez, Wuesthoff and Protiviti experts Cal Slemp, Diana Candela, Katie Stevens, Michael Walter and Thomas Lemon. Episodes are available at the same web site.
About Robert Half
Founded in 1948, Robert Half (www.roberthalf.com) is the world’s first and largest specialized staffing firm and a recognized leader in professional consulting and staffing services. The company’s specialized staffing divisions include Accountemps®, Robert Half® Finance & Accounting and Robert Half® Management Resources, for temporary, full-time and senior-level project professionals, respectively, in the fields of accounting and finance; OfficeTeam®, for highly skilled administrative support professionals; Robert Half® Technology, for project and full-time technology professionals; Robert Half® Legal, for project and full-time staffing of lawyers, paralegals and legal support personnel; and The Creative Group®, for creative, digital, marketing, advertising and public relations professionals. Robert Half has staffing and consulting operations in more than 400 locations worldwide.
About Baker McKenzie
Baker McKenzie helps clients overcome the challenges of competing in the global economy. We solve complex legal problems across borders and practice areas. Our unique culture, developed over 65 years, enables our 13,000 people to understand local markets and navigate multiple jurisdictions, working together as trusted colleagues and friends to instil confidence in our clients. (www.bakermckenzie.com)