Anyone dealt with GDPR yet? It's coming down the pipe and we have a couple customers that need to comply. The requirements seem... daunting and must be met regardless of whether you're a small company or large. It seems to be a very large burden for a small company to comply with.
A client of mine is a subcontractor for IBM and IBM is demanding they "demonstrate" their GDPR compliance, more than just a document saying they comply. My question is what are any of you doing? There doesn't seem to be a clear-cut list of things to do to be compliant.
When is this becoming standard for US-based businesses? Is it a security standard or more a compliance standard like HIPAA? That list is certainly a big one. Do you specifically have EU clients? Is that why you're asking?
It's an EU law, but it applies to anyone doing business with an EU citizen. The problem is the law requires you to make sure all subs you use that might interact with data belonging to EU citizens also comply.
As an example, my client does business with IBM. IBM has to comply with GDPR, and IBM is subsequently requiring all vendors (my client) to also comply.
The deadline is 5/23/2018.
The requirements are... pretty substantial.
We've recently created a page in regards to GDPR, please check it out!
Do CW have a page or documents stating their position on GDPR and how they are going to comply with it? For instance, what guarantees CW staff will not access or copy its customers' data, as they have access to our CW platforms, how are CW staff audited, etc.?