General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) mandates guidelines for collecting and processing personal information for all European Union (EU) citizens. General Data Protection Regulation (GDPR) covers all companies in European Union (EU) countries and other companies elsewhere that store and use EU citizens’ personal data. Companies should know where the personal data records are kept, keep the data secure, send marketing e-mails to only “opted-in” persons and report breaches of security within 72 hours.

appGDPR logo


No company can claim 100% compliance, but they have to make “Good Faith Effort” to cover most of the ground. While compliance takes People, Processes and updated Computer Systems, you can cover most ground by doing the following:

Search and scan current systems including legacy systems, databases and unstructured data for personal data and provide Assessment Report (Data Profiling).
Make your public facing systems (CRM, Website, Marketing, etc.) opt-in compliant, by creating new screens and workflow capabilities including automated e-mail communication and action with the personal data subject.
Identify and remove (forget) personal info, when there is no longer a business purpose for retaining it or when a person requests it be erased (Data Profiling). Another measure would be to tag an expiry date or expiry event during creation of the personal info itself (MDM Governance).
Have control over what personal data gets into your organization, in other words a well implemented MDM solution.

Though you might have undertaken “GDPR Compliance Initiative” already to meet the May 2018 deadline, there would be business interruptions such as acquisitions and mergers, which would necessitate GDPR Compliance to be revisited, and not to mention ongoing “Stay Compliant” requirements.

Companies who are deemed non-compliant with GDPR face stiff penalties of up to 4% of global annual revenue or €20 million, whichever is greater.