
RiseandShine

04/18/18 11:36 AM

#41933 RE: Timetravelerdos #41928

WOW!

Big daddy says

04/18/18 11:57 AM

#41943 RE: Timetravelerdos #41928

Jason's doing a lot of posting on LinkedIn; I get his posts and he's pretty active there.

Investors3

04/18/18 12:04 PM

#41947 RE: Timetravelerdos #41928


Good News! Thank you. I am especially concerned with potential revenue opportunities per client and the below are cost estimates of what some companies plan to spend on GDPR compliance, if this will help see the opportunity for LDSR Revenue...

"GDPR spending. Of the respondents, 83 percent expect their GDPR spending to top six figures, with 42 percent expecting spending to be between $100,000 and $500,000, 23 percent estimating between $500,000 and $1 million, and 17 percent looking at more than $1 million, IAPP reports"

Are you prepared for the GDPR?
https://www.privacy-europe.com/blog/are-you-prepared-for-the-gdpr/
by Johanna Soetbeer, LL.M. | intersoft consulting services AG | Germany
June 12, 2017, 1:28 pm

It's less than a year until the General Data Protection Regulation (GDPR) will come into force – and companies in- and outside Europe should be getting ready to implement the new requirements. A survey now shows that there is still room for improvement...

The GDPR and its impact
In fact, the implementation of the requirements of the GDPR is a real new ‘compliance test’ for both small, medium-sized and international companies. They all face the same challenges; first of all a gap analysis will be necessary; data collection and data flows in the company need to be analysed, documented and assessed.
Afterwards, guidelines and technical and organizational measures will need to be implemented. And businesses should take this seriously: the highest fines for breaching the GDPR are €20 million, or 4 percent of total worldwide annual turnover, whichever is higher. EU regulators have made it clear they intend to go after high-profile brands as a way of forcing businesses to comply, digiday reports.

A lot of companies have not even started yet!
In their survey, “Privacy and the EU GDPR,” TrustArc, formerly known as TRUSTe, polled 204 privacy professionals from companies across several industries that are subject to the GDPR, IAPP reports.
Of those respondents, 61 percent said they have not started the process of GDPR implementation, while 23 percent said they have begun implementation, 11 percent stated their implementation is “well underway,” and four percent claimed to be fully compliant with the GDPR. Of the 61 percent who have not started implementation, 39 percent are working on their preliminary plan, 18 percent have a plan in place, but have not started implementation, and four percent haven’t started working on a plan at all.

Start with a plan!
According to IAPP, TrustArc CEO Chris Babel said he did not expect that so many companies are still in the very early phase of implementation.

“It’s not that this is impossible to achieve, it’s just that if you are in that phase of trying to figure out your plan, there’s going to be a lot of unopened cans of worms that you haven’t gotten to yet. What I’m more worried about is how many people are still in the phase of learning about requirements, learning about their own business processes, and they are going to have surprises there, because I haven’t seen anyone that hasn’t had a surprise yet.”

In terms of TrustArc’s GDPR research, another important part focused on GDPR spending. Of the respondents, 83 percent expect their GDPR spending to top six figures, with 42 percent expecting spending to be between $100,000 and $500,000, 23 percent estimating between $500,000 and $1 million, and 17 percent looking at more than $1 million, IAPP reports.

Not only European companies need to be prepared!
The deadline for compliance with the GDPR is May 25, 2018. The GDPR is already in effect, but there is a two-year period for adapting it.
The GDPR will be directly applicable in all EU Member States and also globally applicable – regardless of whether the processing of personal data takes place in the European Union or not (Art. 3 GDPR). Any business anywhere in the world with personal data from EU residents (offering goods and services in the EU or monitoring behavior of EU residents) must abide by the provisions of the GDPR. This means that global companies that maintain a website to solicit sales from potential EU customers will fall under the GDPR requirements, as JDSupra reported recently.

Key requirements
Some of the major requirements will be documentation and transparency:
The GDPR will bring increased documentation obligations to businesses. Inter alia, companies should document that they have an appropriate Data Protection Management System in place – in order to be able to mitigate possible risks, violations and fines according to the GDPR (Art. 83 (2) d, f GDPR).
Also, transparency requirements will increase (i.e. increased obligations for companies to inform data subjects, Art. 12-15 GDPR. Companies must inform data subjects in a “concise, transparent, intelligible and easily accessible form, using clear and plain language”, Art. 12 (1) GDPR).
Art. 32 GDPR stipulates that appropriate technical and organizational measures to ensure a level of security appropriate to the risk need to be implemented.
There will be opening clauses for local laws and regulations of each EU Member State (e.g. employment data protection, DPO, fines).

Gap analysis
A “GDPR-gap analysis” should focus on the following:

Policies and procedures
Regulatory filings, records of processing activities
Information of data subjects (through privacy policies, information papers etc.)
Data transfer agreements and contract management
(Sub)Processor Information and Agreements
Data protection trainings, Art. 39 (1) GDPR
Role of Data Protection Officer