The European Union’s General Data Protection Regulation (GDPR), a regulation designed to harmonize data privacy laws across the EU, went into effect on May 25, 2018.
The GDPR poses significant challenges for compliance professionals, including a 72-hour risk assessment and breach notification timeline as well as hefty consequences for noncompliance – potential fines up to €20M or 4% of an organization’s total worldwide annual turnover, whichever is higher.
Automation to Simplify Compliance with GDPR Breach Notification
Radar operationalizes and simplifies compliance by applying risk assessment automation and notification guidance to eliminate the subjectivity and inconsistency inherent in deciding whether security breaches are reportable under the GDPR. Now more than ever, technology is able to bring innovation to privacy programs and help privacy and legal professionals more effectively manage mounting regulatory complexities.
Building on a proven and automated multi-factor risk assessment platform for US State, federal, and sector-specific data breach laws, Radar has extended its patented Breach Guidance Engine™ to provide consistency and efficiency for compliance with the GDPR’s complex breach risk assessment and notification obligations.
Covered entities, controllers, processors, and business associates benefit from Radar’s intuitive workflow and sophisticated risk assessment and lifecycle management to ensure and simplify compliance with internal and external reporting obligations.
Radar’s multi-factor and multi-jurisdictional decision support platform operationalizes breach notification under the GDPR. Using Radar, you can:
- Efficiently capture breach details and risk profiles. Through an intuitive interface, you can capture breach details including key risk factors, such as the intentional or unintentional nature of the breach, data protection measures, risk mitigation outcomes, and the scope and sensitivity of personal data involved.
- Quickly perform risk assessments to make consistent and timely notification decisions. Breach notification decision-support guidance and obligation details are codified into the Radar Breach Guidance Engine™, which recognizes the nuances in DPA and affected individual notification requirements for organizations with or without an establishment in the EU.
- Provide supervisory authority notification within the 72-hour timeframe. Track and prioritize notification requirements in a central dashboard. Create and manage notification letters directly from the assessment profile, maintaining a repository of every notification.
- Maintain a central repository for documentation. The entire process is documented to support your organization’s notification decision and burden of proof obligations under data breach laws, including the GDPR.
- Benefit from automation to make efficient, informed decisions. Radar scores the severity of a breach and sensitivity of involved data, generates a risk heat map, and provides decision support for regulatory and contractual notification obligations.
Radar takes into account clear and nuanced differences in US and EU breach notification laws, including:
- Definitions of breach, personal data, and regulated forms of data
- Awareness and discovery dates
- Regulation-specific risk of harm assessments
- Notification timelines (whether it’s in the most expeditious manner possible, within 30 days of discovery, or not later than 72 hours after having become aware)
- Who needs to be notified and what information must be included
- Safe harbors or exceptions from notification
Radar addresses GDPR breach notification requirements as described in Article 5, Principles relating to processing of personal data; Article 33, Notification of a personal data breach to the supervisory authority; Article 34, Communication of a personal data breach to the data subject; Recital 73, Restrictions of rights and principles; and Article 40, Codes of conduct, pertaining to sector-specific requirements.
Fortune 100 companies and other organizations from heavily regulated industries in finance, insurance, healthcare, and beyond rely on Radar for efficiency and consistency in incident response.
Make the Right Notification Decisions with Less Effort
Radar is the only solution with automated risk scoring and breach notification decision-support, helping you avoid the pitfalls of over- and under-notifying.