What is the GDPR?
The General Data Protection Regulation (GDPR) is a European Union regulation that standardizes the rules related to processing and controlling personal data by companies and public authorities. While it is an EU law, it directly impacts businesses throughout the world if they process or control any personal data belonging to citizens of the EU.
While the complete regulation is robust and should be reviewed with your legal team, at a broad level, it provides data protection beyond the borders of the EU, gives individuals better control over how their personal data is captured and used, and enforces the law through the use of penalties.
Applies to Companies Everywhere
The regulation focuses on EU citizen data and is not limited by the location of the company that is processing or controlling this data. This means that a company can be located anywhere – within the EU or not – and still be impacted by the regulation if they are processing the data of an EU citizen.
Gives More Control Over Personal Data
The GDPR gives individuals more control of how and when their data is used. From requiring clear consent at the point when a person’s data is collected to ensuring that people can access their own data anytime, there are many components of the regulation that address what companies must do when processing or controlling personal data.
Uses Penalties for Enforcement
In order to make sure that companies take the necessary steps to comply with the GDPR, the regulation specifies that companies that are not within compliance may receive a fine of up to 4% of their annual world sales or 20 million euros, whichever is higher.
GDPR refers to any group in an organization that processes or controls personal data.
Cyber Defense Teams
Must report data breaches and the loss of personal data to the competent authority within 72 hours.
Corporate Security Teams
Must review and document processes and procedures for assessing potential risks and recommend taking appropriate steps to secure personal information. They must follow GDPR-related metrics.
ITSM Teams
Must consider privacy issues from the beginning of any system design. And, they must make sure that suppliers also comply with the GDPR.
GDPR may cost you.
Companies that do not comply with the
GDPR can receive a fine – up to 4% of annual world sales or
20 million euros, whichever is higher.
Non-EU Located Companies
How will GDPR impact my business if I’m not located in the EU?
The GDRP protects the data of EU citizens. This means that, regardless of where your business is located, if it processes or controls data belonging to EU citizens, it must do so in accordance with the new regulation. If you do not follow the regulation, you are subject to fines in the same way companies that are located in the EU are.
OTRS and GDPR
Can OTRS help with GDPR compliance?
As a service management solution that comprises ticketing system, workflow automation and a wealth of other features, OTRS can support companies in their efforts to become GDPR compliant by giving companies the tools they need to quickly address corporate security issues and track information that may be audited for GDPR or any other privacy purpose.
In addition, OTRS AG has taken measures to ensure that our data handling processes are in line with GDPR requirements so that customers using the fully-managed OTRS solution are compliant within our environment.
For OTRS AG, the topic of data protection has always been of the highest importance.
Compliance with privacy regulations and guidelines has always been, and will always be, treated as an absolute priority.