Chinese Students and Scholars Association of Idaho State University

Chinese Association of Idaho State University (CAISU)

GDPR Requirements and How to Be GDPR Compliant | What Is the GDPR

WHAT IS GDPR? WHAT DOES GDPR STAND FOR?

GDPR is a regulation introduced by the European Union for data protection. It replaced the earlier Data Protection Directive (95/46/EC), which member states had implemented through their own national data protection acts.

GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679). It is an EU law that protects the personal data, privacy, and security of individuals in the European Economic Area (EEA), and it governs the processing of personal data belonging to individuals who are in the EEA.

WHAT IS GDPR COMPLIANCE? WHO DOES GDPR APPLY TO? HOW TO BE GDPR COMPLIANT?

GDPR compliance: any organization that abides by the rules and regulations set by the European Union (EU) for the protection of individuals' personal data is said to be GDPR compliant.

GDPR applies to organizations processing the personal data of individuals in the EEA, whether the organization is established inside the EEA or elsewhere in the world (Article 3 of the regulation sets out this territorial scope, and it includes rules for organizations processing such data from outside the EEA). For example, a data processing company in India working for European clients must be GDPR compliant if it collects or handles the clients' personal data as part of that work. Any company in the EEA that processes personal data, or outsources its processing to countries outside the EEA, is likewise bound by the regulation, including its requirements for such international transfers.

The EU adopted the regulation and released its text to the public on 27 April 2016; the articles in that text are the basis for implementing GDPR.

The regulation has 11 chapters and 99 articles. It became applicable on 25 May 2018, by which date all companies in the EEA had to be compliant. Specific provisions describe how GDPR applies to small and medium-sized enterprises, and how the personal data of EEA individuals may be transferred outside the EEA region. Our CertPro experts have implemented GDPR efficiently, fulfilling the requirements of their customers while satisfying the needs and expectations of the law.

Our methodology for becoming GDPR compliant

Step 1: Consult our professional experts at www.certpro.in.

GDPR requirements focus on areas such as:

Legal and compliance: enforcement and fines, responsibility (the Data Protection Officer), accountability, privacy notices, and consent.

Technology: breach reporting, encryption, online profiling, privacy by design, and secure applications.

Data: data handling, data collection, data transfer, data processing, data storage, data deletion, data portability, etc.

Step 2: Provide awareness training to all employees on the seriousness of this data protection law and the penalties associated with it.

Step 3: Identify whether the organization's activities make it a data controller or a data processor (are we a controller or a processor?).

Step 4: Appoint a Data Protection Officer (DPO) and define the DPO's roles and responsibilities.

Step 5: Define a personal data policy along with the other policies and procedures:

  • Define the privacy policy and the terms and conditions.
  • Carry out Data Protection Impact Assessments (DPIAs).
  • Define procedures for data transfer, data storage, data retention, data subject rights, data handling, data breach response and notification, consent, and the cookie policy.

Step 6: Define the policy and procedures for third-party contracts.

Step 7: Review and conclude through compliance audits by our most senior technical auditors.

Read More >> https://certpro.in/gdpr-requirements-and-gdpr-compliant/
