General Data Protection Regulation (GDPR) enforcement begins May 2018. Are you ready?
While enforcement may seem a way off, you don’t want to get derailed by last-minute planning efforts. Organizations should revisit their security and compliance strategies today to ensure they’re prepared to meet GDPR requirements—or face the threat of fines.
To help organizations better understand the regulation, we’ve created this infographic that boils down key need-to-knows, including the relevant rules that require data protection technology, how the fines work, and steps that can help as you plan. Read our summary below and download the full GDPR infographic for more information.
Who’s impacted and what are the data protection rules
GDPR requirements apply to any organization doing business in the EU or that processes personal data originating in the EU, be it the data of residents or visitors. (Simple translation: EU businesses and global enterprises.)
And the rules? The actual text of the GDPR is quite lengthy (88 pages to be exact), but we’ve summarized the five most salient articles from a data security perspective. This blog post provides more detail, with bonus info on Article 34 (Notification of data breaches to the affected individual).
Cost of non-compliance
The fines for non-compliance can be substantial…up to 4% of an organization’s annual revenue. Article 58 of the GDPR provides the supervisory authority with the power to impose administrative fines under Article 83 based on several factors, including the nature, gravity and duration of the infringement taking into account the purpose of the processing, the number of data subjects affected and the damages suffered by them, whether the infringement was intentional or negligent, technical and organizational measures that had been implemented by the controller or processor, and the types of personal data involved, are just a few. More about how the fines are calculated can be found in this blog post.
Map out your compliance plan
Imperva recommends that enterprises put a plan in place to achieve certain milestones before the enforcement deadline, in order to avoid fines and possibly even earn some goodwill from the EU. This framework is meant to help you map out a plan for GDPR readiness in a logical step-by-step format.
Start with data discovery
Step one is inventorying all your data repositories and personal data. Imperva can help you identify where all your data is, begin to classify it and deliver a comprehensive data discovery report that serves as your starting point on the road to GDPR compliance.
Download the complete infographic: Get Going with Your GDPR Plan
Learn how Imperva can help with GDPR readiness, contact a security specialist.
More on the GDPR:
GDPR Series, Part 1: Does the GDPR Apply to You?
GDPR Series, Part 2: What Rules Require Data Protection Technology?
GDPR Series, Part 3: Preparing Your Organization for the GDPR
GDPR Series, Part 4: The Penalties for Non-Compliance
 “GDPR FAQS,” 2017, eugdpr.org
 “Regulation (EU) 2016/679 of the European Parliament and of the Council,” 2016, Official Journal of the European Union