Adapting to a New World of Data Privacy

The General Data Protection Regulation (GDPR) is a massive shift in the legal landscape. With time running out until the GDPR deadline, use this guide to ensure your corporate legal department is protecting both the organization and its employees, and to learn about ELM Solutions' commitment to data privacy.

What is the GDPR?

GDPR expands how companies manage and share personal data in two crucial ways

If the new consent rules ask companies to reshape their data policies, the proposed fines give them the motivation to make it happen.

First, GDPR sets an impressively high standard for data protection, effectively putting control of Personally Identifiable Information (PII) directly in the hands of the individual whose data is being collected. Second, the GDPR’s penalties are severe enough to get the world’s attention and affect an organization’s reputation, which can be extraordinarily detrimental in the long run. 

 

On the positive side, implementation of GDPR is an opportunity for businesses to demonstrate how seriously they regard the challenge of modern data protection.

What's Going to Change?

GDPR personal data protection attributes you need to know

Definition of "personal data"

Can include anything from names, emails, social media posts, medical records, IP addresses or other metadata

The right to be forgotten

EU residents can request that data be erased and no longer disseminated, including revoking third-party data processing

Rules for consent

Consent can be withdrawn as easily as it’s given – and businesses’ requests for consent must be clear and intelligible

The right to be informed

Businesses must be transparent in how data will be used, providing fair processing information, such as a privacy policy

Lawful processing

Businesses must have a lawful basis to process personal data

The right to data access

EU citizens retain the right to discover how their data is used, including where and when, and can request a copy of stored data

The right to data portability

Citizens may transmit their data between multiple controllers

The right to breach notifications

If a security lapse could result in "a risk for the rights and freedom of individuals," an alert must be issued within 72 hours

Privacy by design

Data protections must now be included during development processes, not tacked on as an afterthought

7 Steps to GDPR Compliance

Preparing for and maintaining compliance with GDPR will undoubtedly prove challenging for many in-house lawyers, particularly those at mid-market or smaller organizations that may not be currently equipped to handle GDPR’s rigorous requirements.

 

You've been preparing for the past year. Now, with time running out and potentially costly penalties on the line, have you covered all bases?

 

Check out this whitepaper for more.

Our Commitment to GDPR Readiness

Ongoing compliance for our customers

Every day, customers around the world trust us to help them understand and meet complex and ever-changing legal and regulatory obligations. Just as we help customers meet their obligations, we are committed to protecting our customers' and employees' personal and professional information.

Ongoing compliance for our solutions

To ensure our products and operations are in compliance, we have implemented the following processes, procedures, and measures.

Data Processing
  • Transparency in how EU personal data is gathered, captured, collected and stored; clearly communicate our data privacy policy
  • Processes to effectively respond to requests for PII, including those to edit, correct, delete, or amend EU personal data
  • Information for clients on new and existing features in their systems to help with their own GDPR readiness
  • Demonstrate and maintain compliance with all GDPR data processing requirements

Security
  • Industry best practices for encryption using Transport Layer Security (TLS) 1.2
  • All invoices required to be submitted securely through applications vs. less secure email methods
  • Maintain ISO 27001 certification and other GDPR technical security measures

Accountability
  • A Data Protection Officer (DPO) to oversee GDPR compliance for Wolters Kluwer
  • EULA and Terms of Use acknowledgments updated, as well as contracts and agreements reviewed to meet GDPR requirements
  • Proof and verification that the companies we work with are also GDPR compliant, ensuring that the entire data chain meets GDPR regulations

We, and our best-in-class partners, are already ISO 27001 certified, and many of the GDPR regulations closely align with these objectives – in some cases directly overlapping.