GDPR (General Data Protection Regulation) is just one of many new sets of data privacy rules defining how personal data must be protected and managed. These regulations affect virtually every major company doing business in North America and EMEA, as well as in other regions.
While most of the regulations include a comprehensive set of mandates addressing the processing and management of PII, contracts play a crucial role in compliance. For an effective compliance initiative, organizations must:
- Ensure contracts include a clear definition of a data breach, along with specific obligations that both parties understand and that comply with each regulation’s requirements.
- Know the location, access policy, and processing scope of all PII that may exist – including “dark data” across the organization.
- Confirm that contractual agreements with processors (and sub-processors) of PII, or with other vendors that come into contact with PII, contain appropriate language defining the nature and scope of their access to PII.