As of May 25, 2018, the European Union has standardized regulations for protection of its residents' personally identifiable information (PII) NO MATTER WHERE IT RESIDES. This regulation is called the GDPR. The GDPR regulation might affect U.S.-based companies that have vendors, partners, clients, customers, contacts, or even a web presence where an E.U. resident may leave information that is traceable to the individual. GDPR compliance obviously applies to organizations that have branch offices in the E.U.

How does the GDPR regulation protect the individual?

The standards protect the rights of individuals in four ways:

  • You must have an individual’s consent to collect PII.
  • An individual has a right to review, correct, and delete such information.
  • The information collected must be secure.
  • You can only retain the information if it is necessary to provide services to the individual.

If an entity is found in violation of this regulation, it may be subject to fines.

What is the GDPR personal data definition?

GDPR's personal data definition widens the scope of protection beyond health, payment card, or financial-related data. It may eventually serve as a model adopted in the U.S. and even worldwide. It is prudent for all companies to review their information security practices: how information is collected, processed, stored, and even purged in a timely manner.

Security of personal information as regulated by several compliance standards, including GDPR, must be taken seriously by all companies. We can help you sort through the multiple facets of a security risk assessment or audit and identify weaknesses that might need remediation, including:

  • Review/update your privacy governance policies
  • Identify privacy notice requirements
  • Formalize your security program
  • Perform a Vulnerability Security Scan/Assessment
  • Review contract templates for vendors or partners
  • Review your encryption, DLP, and DRM policies
  • Develop or refine your audit processes
  • Review your Mobile Device Management
  • Review or modify your backup/archive processes
  • Build a data map of your information inventory
  • Review or create breach response protocols
  • Train or educate your staff
