In this phase, we aim to understand and document the following:
Upon the completion of the implementation phase, Coral performs monthly tests of controls to ensure that designed controls are operating effectively.
At this stage:
GDPR is based on a fundamental right of the citizen, the 'right to privacy'.
The General Data Protection Regulation (GDPR) is a data protection and privacy law that was implemented by the European Union (EU) on May 25, 2018.
The GDPR replaced the Data Protection Directive 95/46/EC and represents a significant update to data protection laws across all EU member states.
The GDPR applies to all EU member states and to any organization that processes the personal data of EU residents, regardless of where the organization is located. This means that companies worldwide are subject to GDPR compliance if they process the personal data of EU residents.
The General Data Protection Regulation (GDPR) applies to two main categories of entities:
The scope of the General Data Protection Regulation (GDPR) is extensive and covers a wide range of aspects related to the processing of personal data.
The GDPR applies to the processing of personal data in the context of the activities of establishments located in the European Union (EU), as well as to the processing of personal data of individuals located in the EU, regardless of where the data processing takes place.
The General Data Protection Regulation (GDPR) imposes significant penalties for breaches of its provisions. The penalties for GDPR breaches can vary depending on the nature and severity of the violation. The GDPR has two tiers of administrative fines, depending on the specific infringements:
Lower Level Fines: For certain less severe violations, the GDPR allows for fines of up to €10 million or 2% of the global annual turnover of the preceding financial year, whichever is higher.
Upper Level Fines: For more severe infringements of the GDPR, the fines can be significantly higher. Organizations can be fined up to €20 million or 4% of the global annual turnover of the preceding financial year, whichever is higher.
Achieving GDPR compliance requires a comprehensive approach that addresses various aspects of data protection and privacy. While the specific requirements may vary depending on the nature and scope of the organization's data processing activities, here is a general checklist for GDPR compliance:
A complete GDPR compliance approach involves understanding the business and the purpose of its data processing, determining the applicable requirements, performing a gap analysis, documenting policies and procedures, nominating dedicated roles such as a Data Protection Officer (DPO), and running an ongoing privacy governance program.