On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR), a regulation designed to harmonize data privacy laws across the EU, went into effect.
The GDPR brings significant challenges for compliance professionals, including a 72-hour risk assessment and breach notification timeline as well as hefty consequences for noncompliance — potential fines up to €20M or 4% of an organization’s total worldwide annual turnover, whichever is higher.
RadarFirst takes into account clear and nuanced differences in US and EU breach notification laws, including:
- Definitions of breach, personal data, and regulated forms of data
- Awareness and discovery dates
- Regulation-specific risk-of-harm assessments
- Notification timelines (whether it’s in the most expeditious manner possible, within 30 days of discovery, or not later than 72 hours after having become aware)
- Who needs to be notified and what information must be included
- Safe harbors or exceptions from notification
Automation to Simplify Compliance with GDPR Breach Notification
RadarFirst operationalizes and simplifies compliance by applying risk assessment automation and notification guidance to eliminate the subjectivity and inconsistency inherent in deciding whether security breaches are reportable under the GDPR. Now more than ever, technology is able to bring innovation to privacy programs and help privacy and legal professionals more effectively manage mounting regulatory complexities.
Building on a proven and automated multi-factor risk assessment platform for US state, federal, and sector-specific data breach laws, RadarFirst has extended its patented Breach Guidance Engine™ to provide consistency and efficiency for compliance with the GDPR’s complex breach risk assessment and notification obligations.
Covered entities, controllers, processors and business associates benefit from RadarFirst’s intuitive workflow and sophisticated risk assessment and lifecycle management to ensure and simplify compliance with internal and external reporting obligations.
RadarFirst addresses GDPR breach notification requirements as described in Article 5, Principles relating to processing of personal data; Article 33, Notification of a personal data breach to the supervisory authority; Article 34, Communication of a personal data breach to the data subject; Recital 73, Restrictions of rights and principles; and Article 40, Codes of conduct, pertaining to sector-specific requirements.
RadarFirst’s multi-factor and multi-jurisdictional decision-support platform operationalizes breach notification under the GDPR. Using RadarFirst, you can:
- Efficiently capture breach details and risk profiles. Through an intuitive interface, you can capture breach details including key risk factors, such as the intentional or unintentional nature of the breach, data protection measures, risk mitigation outcomes, and the scope and sensitivity of personal data involved.
- Quickly perform risk assessments to make consistent and timely notification decisions. Breach notification decision-support guidance and obligation details are codified into the RadarFirst Breach Guidance Engine™, which recognizes the nuances in data protection authority (DPA) and affected-individual notification requirements for organizations with or without an establishment in the EU.
- Provide supervisory authority notification within the 72-hour timeframe. Track and prioritize notification requirements in a central dashboard. Create and manage notification letters directly from the assessment profile, maintaining a repository of every notification.
- Maintain a central repository for documentation. The entire process is documented to support your organization’s notification decision and burden of proof obligations under data breach laws, including the GDPR.
- Benefit from automation to make efficient, informed decisions. RadarFirst scores the severity of a breach and sensitivity of involved data, generates a risk heat map, and provides decision support for regulatory and contractual notification obligations.
Fortune 100 companies and other organizations from heavily regulated industries in finance, insurance, healthcare, and beyond rely on RadarFirst for efficiency and consistency in incident response.