GDPR - General Data Protection Regulation

Providing visibility and flexibility into the management of personal customer data for GDPR compliance

Identify, Track, and Secure

The European Commission defines personal data as “any information relating to an individual, whether it relates to private, professional or public life.” It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address. We can help you identify which data needs to be secured and then help you secure it.

Regardless of where personal data resides, CampusGuard can assist your organization in implementing an information security program that will give you visibility into customer personal data in order to comply with GDPR.

Key Concerns with GDPR

Workflow Changes

As new requirements are established, organizations must update the steps in their workflows in order to meet them.

Vague Requirements

There are terms and phrases within the text of the GDPR that are undefined and therefore can complicate an organization's understanding of those requirements.

Extraterritorial Reach

Countries outside of the EU are not familiar with GDPR and therefore are not aware of the requirements they must be prepared to meet in order to be compliant.

10 Key Requirements

The GDPR has stringent rules across 10 Key Requirements:

  • Lawful, Fair, and Transparent Processing

    Organizations must have documented rationale for processing personal data and must communicate policies transparently with a privacy notice.
  • Data Subject Rights

    These rights communicate the relationship of an individual with an organization in terms of personal data.
  • Consent

    Individual consent must be granted in certain cases of collecting and using personal information.
  • Awareness and Training

    Up-to-date training is required for anyone who handles personal data.
  • Personal Data Breaches

    A personal data breach is defined as any event leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  • Privacy by Design

    Organizations must acknowledge privacy concerns before processing personal data.
  • Limitation of Purpose, Data, and Storage

    Organizations must have an established purpose for collecting personal data. Once that purpose is no longer met, the information should be deleted.
  • Data Protection Impact Assessment

    These must be used whenever data processing "is likely to result in a high risk to the rights and freedoms of natural persons."
  • Data Transfers

    Additional safeguards need to be applied when personal data is being moved to a country outside of the EU.
  • Data Protection Officer

    An independent expert whose role is to advise on GDPR compliance.

Why Choose CampusGuard?

At CampusGuard, we specialize in the complexities and diverse environments of campus-based organizations. Our dedicated team prides itself on our expert accreditation, staying updated on the latest trends, and working alongside our clients with a personal approach.

481 GDPR complaints filed in 2023*

2.1 B total fines imposed by the EU for GDPR violations in 2023*

40.9 % increase over the total GDPR fines imposed in 2022*

Stay Current, Stay Protected

The language, parameters, and requirements of GDPR can be confusing and overwhelming. Our team of experts is ready to help you sort out your needs and get you on the road to compliance.

Top GDPR Frequently Asked Questions

The General Data Protection Regulation (GDPR) is a privacy regulation that went into effect in May 2018 in the European Union (EU). It is designed to protect the personal data and privacy of EU citizens and harmonize data protection laws across all EU member states.

The GDPR defines personal data as any information that relates to an identified or identifiable natural person, such as a name, address, email address, ID number, or IP address.

Under the GDPR, organizations must obtain consent from individuals before collecting their personal data, and they must provide individuals with access to their data, the right to have it deleted, and the right to object to its processing.

The GDPR also requires organizations to implement appropriate technical and organizational measures to ensure the security of personal data, and to report data breaches to supervisory authorities and affected individuals within 72 hours.

The GDPR applies to any organization, regardless of its location, that processes personal data of EU residents in the context of selling goods or services, monitoring their behavior, or processing their personal data. This includes organizations located outside the EU that offer goods or services to EU residents or monitor their behavior within the EU.

Countries in the EU include Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain and Sweden.

Violations of the GDPR can result in significant fines, up to 4% of an organization's global revenue or €20 million, whichever is greater, as well as reputational damage and loss of customer trust.

GDPR: Updating Your Privacy Notice

The organizational privacy notice is one of the documents that must be updated to better align with the new European General Data Protection Regulation.
