Blog Details

Safely expose insights from your most sensitive datasets.

Before you secure your data, you have to know your data. You have to know what data you have, where you have it, why you have it, and how you use it.

International Association of Privacy Professionals

GDPR affects every company inside or outside the EU that wants to offer its services to clients located in Europe. That means both data controllers, legal persons such as a company, and data processors, for example Software as a Service providers. It’s not as much about protecting data as it is about protecting the rights of the data subjects, those whose data your organisation is capturing.

One of the biggest challenges to GDPR poses for companies affected by the regulation is the fact that the time to report certain data breaches is reduced to 72 hours. That means at a moment’s notice, companies will need to answer questions such as,

  • Who owns the data?
  • What data do we share with people?
  • Where do we get the data from?
  • What controls do we have in place? and
  • What is the impact in the case of a breach?

Today, most companies would probably need weeks to answer such questions and under GDPR, this is no longer acceptable. You are not exempt because of your size. And the fines can be hefty, up to 4% of annual turnover or 20,000,000 Euros, whichever is larger.