Don’t Let GDPR Trip You Up. It can cost you A LOT!
The European Union finalized the details of the General Data Protection Regulation (GDPR) in 2016, and the GDPR came into effect on May 25, 2018.
The GDPR sets strict rules governing the use and storage of European Union (EU) citizens’ personally identifiable information. If you are processing identifiable EU citizen data, the GDPR applies to you.
Importantly, companies found in violation of the GDPR can be hit with fines up to 20 million Euro or 4 percent of their global revenue — whichever is higher.
These rules apply to anyone who processes the data of EU citizens, and they are designed to enhance transparency into the use of information and increase an individual’s control over their data.
As a result, the GDPR requires companies to document how, when, and why data is being used, how it’s being protected, and how it may be accessed or expunged, depending on circumstances.
Crispen Maung, Chief Compliance Officer at Box, wrote an excellent white paper on how to ensure your cloud service providers are fully compliant.
Maung suggests you ask your cloud vendor these three questions:
Question 1: What measures do you have in place for secure data transfer across borders?
Question 2: What certifications and standards have you earned that demonstrate compliance with the GDPR?
Question 3: What tools do you have in place to help me meet other GDPR obligations?
Click the image at right to download a PDF of the paper.