Through its sister company Discovery Computers and Forensics, Tier3MD will soon be offering GDPR audits. Many organizations need GDPR audits but are not sure where to get them or how they are performed. Let me try to make this as simple as I can. Any company that does any type of business with the EU needs to know where its data resides and which individual each piece of data is associated with. You need to know how sensitive it is and who owns it. It is similar to HIPAA in that you want to identify your vulnerabilities, create policies and procedures, and be able to prove compliance.
The General Data Protection Regulation is a set of strict privacy regulations designed to protect the personal data of EU residents. It applies to every organization offering services and goods to EU residents. If you have an employee who lives in Europe, you will need to perform GDPR audits on a yearly basis.
Failure to Comply
It’s every company and medical practice’s responsibility to be prepared, and the cost of non-compliance can go way beyond a fine. Damage inflicted on a brand following a breach can permanently affect the bottom line. It can damage your reputation and hurt the trust between you and your customers and patients.
What To Do
First, you have to find the PII (Personally Identifiable Information) and control it. We can find the specific data stored on any storage device and help secure the permissions and access to it. Then we need to identify who has access to it. After that, we need to put measures in place to protect it.
Do You Need An Assessment?
Even if your company is based outside the EU, you may still need to be GDPR compliant. What determines the need for compliance is who you hold data on. If you collect data on any EU citizen, you are subject to the regulations. This includes selling or shipping an item to someone in the EU, or even shipping inside the U.S. when the buyer is paying with a credit card from the EU. For more information, contact Tier3MD.