The effective date for the European Union's General Data Protection Regulation (GDPR) is a few months away.Unfortunately, few businesses are prepared to achieve compliance under the new legislation, despite having more than two years to rework their backend infrastructure and data privacy policies.
An estimated 60 percent of organizations based in Western Europe foresee compliance roadblocks, while half of American enterprises serving customers in the EU believe they may not have their updated platforms and policies ready by the May 25 deadline, according to researchers for Varonis, a software company specializing in data security.
Firms that ultimately fail to comply with the changes face hefty fines totaling as much as €20 million or 4 percent of worldwide annual turnover. With these penalties in play, businesses lagging behind on GDPR compliance must take drastic action and ramp up their efforts immediately.
Evident is here to help. Our innovative data sharing and verification platform supports internal information technology teams as they attempt to achieve compliance under GDPR.
Understanding the requirements
What does that entail? Evident founder and CEO David Thomas discussed that very topic in an interview with Website Magazine. Thomas addressed parts of the legislation that businesses must pay particular attention to:
- Data subject consent: GDPR requires companies operating in the EU or serving customers in the region to obtain explicit consent from users, or data subjects, before collecting their personal information. The regulation stipulates that IT teams achieve this using "intelligible and easily accessible" forms.
- Breach notification: Under GDPR, businesses must notify EU officials within 72 hours of the detection of a data breach. The data subject notification requirement is slightly more relaxed; users must receive breach communications "without undue delay."
- Security in mind: GDPR requires organizations to maintain backend IT systems that are developed and deployed with data privacy and security in mind. Such solutions should protect the information of data subjects and operate with limited internal user interaction.
Achieving GDPR compliance with Evident
Evident's platform features mission-critical components that directly address the aforementioned requirements contained within GDPR, along with many others:
- Regulatory disclosure and notice: Our innovative user consent management capability ensures that data subjects can agree to information collection and gives them the power to see how their personal details are stored and used. This feature further enriches the platform's disclosure capabilities, facilitating the development of historical consent logs to be used for compliance purposes and lending data subjects real-time revoke power in the event that they want to remove their information from company servers.
- Cutting-edge data security: Evident is supported by end-to-end encryption, which leverages cryptographic access control and distributed data key generation capabilities to secure data flows and guarantee only authorized users can access sensitive information.
- Mobile actionability: We give power back to data subjects. They can access records pertaining to who has their data, receive notifications when their data profile changes, dispute incorrect data, retract consent at any time and so much more, all from their mobile devices.
IT stakeholders can access these and other features through a single interface. With Evident's easy-to-use, powerful data sharing and verification platform, businesses behind on GDPR compliance can accelerate their preparations and potentially meet the upcoming May 25 deadline.
For more information on exactly what GDPR entails as well as additional Evident features, read our eBook, Understanding the General Data Protection Regulation: A Guide to GDPR Compliance.
Is your organization in danger of incurring fines under the EU's new data privacy legislation? Connect with Evident today to learn more about how we can help.
David Thomas, CEO at Evident, is an accomplished cybersecurity entrepreneur. He has a history of introducing innovative technologies, establishing them in the market, and driving growth – with each early-stage company emerging as the market leader.