GDPR (General Data Protection Regulation)
What Is GDPR?
The General Data Protection Regulation (GDPR) officially goes into effect in May 2018 and will have an international reach, affecting any organization that handles the personal data of European Union (EU) residents, regardless of where it is processed.
A Broader Territorial Scope
GDPR is not sector-specific. It applies in all contexts and across all sectors.
GDPR applies to both (i) data controllers and data processors established in the EU that process personal data and (ii) data controllers and data processors not based in the EU that target individuals who are in the EU. Hence, GDPR catches data controllers and data processors outside the EU whose processing activities relate to the offering of goods or services (even if for free) to, or the monitoring of the behavior (within the EU) of, EU data subjects.
Drastic Increase in Penalties for Noncompliance
The European legislators and data protection authorities have felt that organizations did not take their data protection responsibilities seriously enough, and so GDPR dramatically increases the maximum penalties for noncompliance: In the event of a serious breach of GDPR, the fine could be up to 20,000,000 Euros or, in the case of an undertaking, up to four percent of the total worldwide turnover in the preceding financial year, whichever is higher.
Read this advisory note to understand more about the impact of GDPR including details on individual rights, roles and definitions, and accountability.
Rimini Street’s Commitment to GDPR Compliance and Client Success
Rimini Street is committed to our client success and will comply with GDPR in the delivery of our services to clients by May 25, 2018, when the regulation will take effect.
Rimini Street's dedicated tax, legal and regulatory practice helps clients of all sizes keep their applications up to date and compliant with the latest tax, legal and regulatory changes for nearly 200 countries.
Through an innovative combination of patent-pending tax, legal and regulatory research technology, proven methodology and ISO 9001:2008 certified development processes, Rimini Street offers clients accurate deliverables with the fastest "legislature-to-live℠" update delivery cycle in the industry.
In a constantly changing tax and regulatory landscape, Rimini Street can help your organization stay compliant more efficiently and easily.
Rimini Street also provides its clients with actionable security intelligence to reduce potential exposure. From tailored security vulnerability analysis reports, to expert advice in the identification and selection of critical security controls (and vendors), Rimini Street helps clients ensure that they successfully reduce and manage risk far beyond ERP applications and databases.
The Bottom Line: Compliance with GDPR is a process and not a “packaged” regulatory update from any one vendor
Beware of software vendors offering generic messages and/or security products that will “ensure compliance” when in reality they may not be a complete solution, or even applicable to GDPR, but rather another vendor marketing tactic.
Given the complex nature of GDPR, there is no one update from one vendor that can accomplish GDPR compliance. Rather, compliance with GDPR calls for business process changes requiring organizations to transform the way they collect, process, securely store, share and securely wipe personal data.
Each organization needs to review its policies and procedures around data security and take the necessary steps to be compliant under the GDPR rules.
For further inquiry or questions on GDPR compliance and Rimini Street's recommendations, please send an email to firstname.lastname@example.org.