General Data Protection Regulation (GDPR)

GDPR: The countdown is on. Are you ready?

GDPR, or the General Data Protection Regulation, enforceable on May 25, 2018, strengthens data protection provisions for all EU citizens. But the impact of the GDPR goes well beyond EU borders. Companies inside and outside the EU (including suppliers, vendors, and outsourced organizations) that collect, hold, or process data about an EU citizen are required to comply with the law. And penalties are severe: up to 4% of annual global revenue.

The full text of the regulation is quite dense, but we’ve highlighted a few critical concepts here.


It’s about putting people first

GDPR signals a shift in how we think about data privacy. Because it’s not just about the data—those bits and pieces of personally identifiable information (PII) typically flagged for privacy. GDPR focuses instead on the fundamental rights and freedoms of data subjects (that’s you and me).

The New Data Subject

Under the new regulation, any data that can be used to identify a person is personal data. Birth dates and social security numbers? Sure. But that also covers genomic data, health records, financial information, social media profiles, and more.

Purposeful Consent

With a new focus on the data subject, consent becomes increasingly important. Businesses will need to make sure people understand what they are consenting to, how their data is being used, and how they can withdraw their consent should they want to.

Greater Control

GDPR regulations protect access and portability of personal data. They also grant the data subject the right to be ‘forgotten’ or erased. And when a data breach occurs, companies will be required to notify those affected within 72 hours.

It’s less than one year until the General Data Protection Regulation (GDPR) becomes enforceable. Are you ready? If you’re like most organizations, the answer is probably no.

But with 100% compliance required on May 25, 2018, and fines of up to 2-4% of global revenue for non-compliance, the pressure is on to comply.

It’s about how data is being handled

For data to be used, it can never remain static. That’s why another fundamental tenet of GDPR requires companies to understand how personal data is being handled across the organization.

Every company will need to have an end-to-end understanding of how data is captured, transformed, held, and destroyed.

In effect, GDPR requires companies doing business in or with the EU to embrace “privacy by design” and have processes in place to monitor the location and quality of data, the person accountable for that data, and the controls being applied to that data.

Data governance is the foundation for GDPR compliance

Collibra provides an enterprise-wide data governance solution that puts people and processes first. It automates data governance and management to quickly and securely deliver trusted data to the business users who need it. Paired with GDPR-specific professional services and a GDPR accelerator, Collibra delivers a complete governance solution that serves as the foundation for the broader GDPR compliance effort and ongoing change management.

The Collibra data governance platform delivers the core capabilities organizations need to build a solid governance foundation:

  • A centralized inventory of personal data items across the business and technical landscape
  • Governance accountability and workflow for personal data ownership, definition, and requirements
  • Searchable, end-to-end traceability of personal data across the process and technology architecture and across the data lifecycle
  • Detailed data sharing agreements outlining how the organization shares personal data both internally and externally

Collibra Professional Services delivers the expert implementation services needed to get the most out of your Collibra investment. Our implementation approach is to phase the delivery through our unique method that aligns with the governance for GDPR process.

The Collibra GDPR Accelerator helps organizations speed time to compliance through delivery of an extended data governance operating model tailored for the GDPR. Organizations can bring together the right people, data sets, and technology to document business processes to help address the requirements of Article 5 and Article 30.

 


This document is intended for general informational and educational purposes. It is not offered as and does not constitute legal advice or legal opinions. Use of any Collibra product or solution does not provide or ensure any legal or other compliance certification and does not ensure that the user will be in compliance with any laws, including GDPR or any other privacy laws.