Preparing for GDPR

By:  |  Category: Blog, Security  |  Wednesday, June 13th, 2018

Recently, it seems like every week a new data breach erupts from a company we all do business with: Wells Fargo, Target, Experian... Most of us by now have had our own personal data exposed in a data breach. Even if you have managed so far to avoid having any credentials exposed, the chances are high that you will, given how many recent examples there have been.

In the event of a data breach, it’s crucial that companies inform their customers immediately, before the stolen data can be exposed by cyber-criminals.

Unfortunately, this quick call to action isn't always what happens. Companies wait far too long to share the news, compromising their customers in the process. Sometimes they are concerned about reputation, lost profit or the lawsuits that will inevitably follow. Either way, waiting to tell customers only perpetuates the problem.

Because of this “lag time” from discovery to communication, new laws are coming into play.

By far the biggest cyber security law to be passed comes out of Europe. The new EU General Data Protection Regulation introduces mandatory breach notification requirements across Europe, with short deadlines measured from the moment the breach is discovered.

On May 25, 2018 the European Union's General Data Protection Regulation (GDPR) came into force, bringing the most significant change to EU data protection law in 25 years. The legislation applies to controllers – the organizations that determine the purposes and means of the processing of personal data – and to processors – organizations that process personal data on behalf of a controller.

The law introduces very high financial penalties for non-compliance, with maximum fines of up to €20 million or 4% of global annual turnover, whichever is higher.

Does it Affect the US?

Even though this is legislation from the European Union, it reaches beyond the geographical boundaries of the EU. It applies to companies operating inside the EU (wherever they process the data) and to companies outside the EU if they target sales to people in the EU or monitor the behavior of people in the EU.

So if you do business in the EU, then yes, you need to get your ducks in a row.

The bigger question remains, though: how far is the US behind the EU in cyber regulation? It's only a matter of time before our country follows suit to protect a customer's right to data privacy and accountability.

How do I get compliant?

There is no single-step method for GDPR compliance. Every business will have a different approach. There are 99 articles in the new regulation, and you will have to familiarize yourself with all of them to identify the controls you need to establish for your business to be compliant. The bad news is that this isn't an easy process. The good news is that compliance with GDPR can serve as the impetus to take critical, and potentially long overdue, steps to increase security and ensure compliance in several areas.

I need help…

EnhancedTECH can help you come up with a personalized and executable plan for your business to achieve GDPR compliance. Give us a call at 714-970-933 or contact us at [email protected]

For further resources:
