Identifying articles for GDPR compliance

The EU General Data Protection Regulation (GDPR) is a new law that will supersede the Data Protection Directive 1995 (DPD) and all domestic laws based on it, such as the UK Data Protection Act 1998 (DPA).

The GDPR aims to protect EU residents from data and privacy breaches, and has been introduced to keep up with the modern digital landscape.

From 25 May 2018, any organisation processing the personal data of EU residents must comply with the GDPR in respect of that data processing.

GDPR articles

The GDPR comprises 99 articles and is separated into 11 Chapters:

  1. General provisions
  2. Principles
  3. Rights of the data subject
  4. Controller and processor
  5. Transfers of personal data to third countries or international organisations
  6. Independent supervisory authorities
  7. Cooperation and consistency
  8. Remedies, liability and penalties
  9. Provisions relating to specific processing situations
  10. Delegated acts and implementing acts
  11. Final provisions

A number of key changes introduced by the GDPR include the need to carry out data protection impact assessments (DPIAs), meet stricter rules on obtaining consent, and to implement policies and procedures to protect personal data and handle subject access requests. Find out more >>

Identifying the GDPR articles to comply with

Even though the GDPR is clearly written, the many GDPR articles to identify means managing your compliance isn’t always easy.

There are a number of key areas to address in your compliance project and some of these could have significant financial, personnel or IT implications.

Manage your GDPR compliance project

Vigilant Software has added new content to Compliance Manager, our online tool that helps you keep track of your compliance with applicable laws and regulations.

Compliance Manager includes:

  • A curated list of the GDPR articles and clauses from UK law relevant to information security that you need to act upon;
  • Implementation guidance written by our data protection experts to help you understand what to do in order to comply;
  • Suggested controls from Annex A of ISO 27001 for each GDPR article that can be used to comply with its particular requirements; and
  • The option to add your own controls.

Compliance Manager also helps you provide auditors with a concise overview of your organisation’s compliance status against each piece of relevant legislation.

Find out more >>

Leave a Reply

Your email address will not be published. Required fields are marked *