Cyber Defense Teams
Must report data breaches and the loss of personal data to the competent authority within 72 hours.
The General Data Protection Regulation (GDPR) is a European Union regulation that standardizes the rules related to processing and controlling personal data by companies and public authorities. While it is an EU law, it directly impacts businesses throughout the world if they process or control any personal data belonging to citizens of the EU.
While the complete regulation is robust and should be reviewed with your legal team, at a broad level, it provides data protection beyond the borders of the EU, gives individuals better control over how their personal data is captured and used, and enforces the law through the use of penalties.
The regulation focuses on EU citizen data and is not limited by the location of the company that is processing or controlling this data. This means that a company can be located anywhere – within the EU or not – and still be impacted by the regulation if they are processing the data of an EU citizen.
The GDPR gives individuals more control of how and when their data is used. From requiring clear consent at the point when a person’s data is collected to ensuring that people can access their own data anytime, there are many components of the regulation that address what companies must do when processing or controlling personal data.
In order to make sure that companies take the necessary steps to comply with the GDPR, the regulation specifies that companies that are not within compliance may receive a fine of up to 4% of their annual world sales or 20 million euros, whichever is higher.
The GDRP protects the data of EU citizens. This means that, regardless of where your business is located, if it processes or controls data belonging to EU citizens, it must do so in accordance with the new regulation. If you do not follow the regulation, you are subject to fines in the same way companies that are located in the EU are.
As a service management solution that comprises ticketing system, workflow automation and a wealth of other features, OTRS can support companies in their efforts to become GDPR compliant by giving companies the tools they need to quickly address corporate security issues and track information that may be audited for GDPR or any other privacy purpose.
In addition, OTRS AG has taken measures to ensure that our data handling processes are in line with GDPR requirements so that customers using the fully-managed OTRS solution are compliant within our environment.
For OTRS AG, the topic of data protection has always been of the highest importance.
Compliance with privacy regulations and guidelines has always been, and will always be, treated as an absolute priority.