You have probably already seen modifications from your EU customers to your contractual language. The new language may contain:
New obligations on data processors — processors become an officially regulated entity
Processors have not previously had to demonstrate compliance under the original directive. Unlike the old EU Data Protection Directive (“Directive”) (where only data controllers had direct compliance obligations), the EU General Data Protection Regulation (“GDPR”) will impose both direct compliance obligations on data processors and specific contractual requirements for the data controller to include in its data processing agreement with the data processor (see, e.g., Article 28 of the GDPR).
The potential challenges your organization may face in meeting these compliance requirements:
The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
Navigating through various compliance standards such as PCI, HIPAA, and ISO 27001 can seem complex, but there's an impressive alignment between them. Let's elucidate:
Take PCI's Requirement 4, for instance. Achieving this directly corresponds to fulfilling HIPAA's 164.312(e)(2) Encryption mandate. Venture a step further, and you've already met Article 29 of the GDPR, which emphasizes encrypted personal data like passwords.
Encryption Standards at a Glance:
By understanding these alignments and equivalences, you can efficiently streamline your compliance efforts, ensuring that meeting one standard's criteria often prepares you for another. With the right guidance, your path to global compliance becomes clearer and more efficient.
"We're seasoned experts in data protection and compliance across various industry standards and regulations. From formulating policies to architecting your Security Development Life Cycle and fortifying computer security, we're your trusted partner. Whether your focus is on General Data Protection Regulation (GDPR) or beyond, we've got you covered. Furthermore, our prowess extends to managing vendor relationships, a crucial component of a holistic security approach."