
63% of data breaches involve a third party relationship.

The new General Data Protection Regulation – which comes into force in May 2018 – may at first blush seem like “just another EU rule”. However, organizations – and specifically third party risk management teams within them – would take a “tick-box” approach to compliance at their peril.

In fact, the GDPR is such a significant new rule that any organization that does business with EU nationals and holds some form of personal data on them should dedicate the time and resources to take a more strategic approach to risk management and compliance within 2017, rather than waiting until next year or complying more tactically. Compliance with this rule requires a strategic approach because:

  • It is an EU regulation, but with significant extraterritorial implications. For example, it affects data about EU citizens processed elsewhere around the world.
  • Organizations have significant new risk responsibilities regarding the third parties they engage that work with impacted personal data.
  • The new rule has much more robust protections woven into it for privacy, data protection, and consent.
  • The rule requires data protection to now be built into new products, rather than tacked on as an afterthought.
  • New fines and sanctions built into the rule are much more severe than under the previous rule – and would apply in the global way in which the rule is written.

For more information about the Aravo solution for GDPR Third Party Risk Management, please contact us.

 
