GDPR Compliance: Are You Ready for 72-Hour Notification and the 'Right to be Forgotten'?
The European Union's General Data Protection Regulation has been the buzz of 2017, and security leaders globally understand the regulation's basics, including the 72-hour breach reporting mandate, the May 2018 enforcement date and the noncompliance penalty of up to 4 percent of annual global revenue or 20 million euros (whichever is greater). But what about GDPR's obligations for data anonymization, transborder data transfers, appointment of data protection officers and, most significantly, the "right to be forgotten," which requires organizations to grant any European's requests for personal data to be deleted from the organizations' information systems?
This "right to be forgotten" raises several potential show-stopping questions. Do you even know what data you collect, why you collect it and how it is secured and stored? How will you respond when a European citizen requests that you delete all of that citizen's personal data your organization has collected, even in backup files? During this panel discussion, experts explore what steps need to be taken by your organization now to ensure proper data security and adequate preparation for the GDPR enforcement date.