The European Union’s (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. The regulation is specific to the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The regulation applies to any organization doing business in the EU or that processes personal data originating in the EU, 无论是居民数据还是访客数据.

GDPR深刻改变了人们对隐私的理解, data protection and personal data in the EU and has wide-ranging effects on anyone processing personal data of data subjects of the EU. A data subject is defined as a person whose personal data is being captured and processed. If your organization captures just one record of an EU data subject, this regulation applies to you.

GDPR also changes the way that these laws are enforced and brings potential penalties that are significant in nature. Penalties for failing to comply with the articles of GDPR may subject the organization to fines up to €20m or 4% of the organization’s total global revenue, 哪个更大.


靠谱的滚球平台 provides multiple solutions to help our clients achieve and maintain compliance with GDPR:

  • 全面的合规性和差距评估
  • Data Protection Impact Assessment (DPIA) and Privacy Impact Assessment project management
  • 数据发现和数据分类程序
  • Data Protection Officer as a service offering—a 靠谱的滚球平台 expert can assume this required role for your organization.
  • Guidance and implementation of erasure, or “right to be forgotten” programs
  • 指导和实施安全措施, 包括匿名化和匿名化个人数据
  • 开发和执行培训和意识计划
  • Guidance and implementation of vendor management best practices for ensuring controls over data in the supply chain
  • Policy and procedure development to bring current practices into compliance


1. 意识
You should make sure that decision-makers and key people in your organization are aware that regulations are changing. They need to appreciate the impact that these changes are likely to have on your organization. 除了, line-level and larger scale training may be necessary for certain personnel within your organization who handle personal data on a regular basis.

2. 记录你持有的个人信息
你应该记录你所持有的个人资料, 它从何而来, 你用它做什么,你和谁分享它. We use data flow diagrams and business process maps for each of these processes.

3. 隐私信息交流
您应该检查您当前的隐私政策, 程序, contracts and notices and put a plan in place for making any necessary changes to meet the GDPR deadline.

4. Individuals’ Rights: Right to Be Forgotten, Transfer Data or Correct Data, etc.
You should check your 程序 to ensure that they cover all the rights individuals have, 包括如何删除任何过时的数据(e.g., right to be forgotten), transfer data upon request or correct any incorrect information.

5. 查阅资料当事人要求查阅资料/资料处理资料
You should update your 程序 and plan how you will handle data extraction requests to meet the 30-day requirement. Data subjects have the right to obtain confirmation from the controller as to whether or not personal data concerning him or her is being processed and, 这是什么情况呢, 查阅个人资料. They also have the right to inquire about the nature of further processing and treatment of their data while it was in the controller’s possession.

6. 库存数据
Identify all the data subjects for which you process or store sensitive data and determine whether GDPR applies to their country. Document the supervisory authority for each member country and identify the data controller for each process. You need to also determine who the lead supervisory authority will be based on your overall activities.

7. 处理个人资料的合法依据
You should review your current practices and contracts and identify the lawful basis for your processing activity under the GDPR, 记录它, 更新你的隐私通知来解释它.

8. 同意
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consent processes now if they do not meet the GDPR standard.

9. 数据泄露/事件响应计划
您应该确保有一个适当的事件响应计划来检测, 报告和调查个人资料泄露事件. 计划需要被记录并测试.

10. 安全的处理
You should ensure that certain technical safeguards are in place to ensure that risk to personal data is effectively mitigated. Your plan should include techniques such as the pseudonymization and encryption of personal data. 有效的控制不仅能确保持续的安全, but also the confidentiality and availability of personal data must also be in place.

11. 数据保护的设计和数据保护影响评估
You should familiarize yourself now with the code of practice on Data Protection Impact Assessments as well as the latest guidance from the Article 29 Working Party, 并决定如何, 何时或是否需要在组织中实施这些.

12. 数据保护官员
You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organization’s structure and governance model. You need to determine whether you are required to formally designate a Data Protection Officer. 如果是这样,这个职位必须向最高管理层汇报.

如果您的组织没有及时遵守GDPR,请 请访问“我们的想法”博客 阅读更多关于如何变得兼容的建议.




探索我们的网络安全资源库, 包括案例研究, 白皮书, 最佳实践和专家思想领导.

了解更多 >


靠谱的滚球平台’ experts deliver analysis about the cybersecurity trends that impact our clients and organizations of all types and sizes.

了解更多 >



探索我们的网络安全资源库, 包括案例研究, 白皮书, 最佳实践和专家思想领导.

了解更多 >


Explore recent case studies that illustrate 靠谱的滚球平台’ efforts to help clients identify risk, 减少遭受网络攻击的风险, 和恢复系统, 最终节省成本和更安全的环境.

了解更多 >