The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) came into effect on the 25th May 2018. It is a regulation that aims to give EU citizens back control of, and transparency over, their personal data: how it is used, by whom and for what purpose. Businesses that do not comply are at risk of significant fines, reputational damage and loss of customer trust. Under the accountability framework, businesses must be able to demonstrate that compliant processes are in place, and having the right technical solutions in place is a key part of that.
What personal data are we sending via email and over file transfer methods?
What is the sensitivity/risk category of that data?
Tip – conduct an impact assessment if it is high risk.
Where are we sending this personal data? Is it within the EU and, if not, are standard contractual clauses etc. in place?
How are we sharing this personal data with them, and what security measures are in place (e.g. encryption, MFA, data minimisation, recipient verification)?
Who are we sending this personal data to?
Why are we sharing this personal data with them, and under which lawful basis?