May 25, 2018 was the start — not the finish. Our 12-month partnership will get your data protection off and running with a special blend of assessments and governance. By the time we’re done, the European Union’s General Data Protection Regulation will have nothing on you and your organization.
As the law changes, so must your business. If you do business in Europe, employ people located in the EU, or allow customers in the EU to shop in your online store, you're subject to the EU's GDPR. Under the regulation, individuals in the EU have control over the personal data you store about them, including financial records, photos, email addresses and geolocation data. Failure to comply results in more than a slap on the wrist; fines can reach up to 20 million euros or 4% of worldwide annual turnover, whichever is higher.
Our program begins with a gap assessment to evaluate the systems and policies you already have in place. Together with your dedicated GDPR specialist, we’ll assess your business’ data protection practices, privacy policies, training programs and breach management protocols. The resulting report will articulate your gaps in data protection, and help Agio draft a plan to fill those holes and become GDPR compliant.
You have to know where a person's data is in order to protect it, and that is a key component of GDPR. Under the law, individuals in the EU have the right to request access to (or, under the regulation's conditions, deletion of) the personal data an organization holds about them, and the organization must respond within the regulation's deadlines. Agio partners with OneTrust to make data governance easy by mapping and delivering a visual representation of how personal data flows through your organization.
Evaluating your data privacy policies and procedures is a core part of our gap assessment and corrective action plan. We’ll review common policies that are typically affected by GDPR — such as third party processing, onboarding, offboarding and mobile device management — and make recommendations to adjust accordingly. And this evaluation goes beyond just words on a page. We’ll help rewrite your policies, evaluate which types of data you should hold, and possibly change how data is stored.
Corrective Action Plan
Our corrective action plan will strategically prioritize how to fill the gaps identified in the assessment. Then we’ll follow these marching orders to update your policies and procedures, inventory processing activities and manage the rights of data subjects. Other areas we may address include data protection impact assessments (DPIA), vendor management, data mapping and managing the security of personal data.
Most companies approach GDPR as a one-and-done, check-the-box compliance exercise: get compliant and call it a day. But unless your business stays exactly as it is today, you'll soon find yourself on the wrong side of GDPR. We work with you through a sustainable, programmatic approach in which we implement the plan, execute it, and keep you compliant for the length of our 12-month partnership. To date, we've yet to encounter another service that offers this type of holistic program, one that evolves alongside your business.