GDPR enforcement date: 25th of May 2018

The EU data protection reform was adopted by the EU Parliament and the EU Council on April 27th, 2016. This European Data Protection Regulation is applicable as of 25th of May 2018, replacing the Data Protection Directive.

GDPR Penalties and Fines

Organizations that do not follow the rules risk heavy non-compliance fines of up to €20 million, or 4% of the global yearly turnover of the organization, whichever is higher.


Here is the GDPR checklist: 5 things you need to do

  1. Prepare your organization

Introduce the requirements of GDPR to the stakeholders in the organization. Train your employees in cybersecurity, and introduce them to the principles of privacy by default and privacy by design. If you have more than 25 employees, assign a DPO (Data Protection Officer) to train your employees.


  2. Audit your Data

Make sure you have a record of all your data: where it lives, who accesses it, and on what devices. You need to identify where personal data is processed, including by third-party processors. Update your current privacy policies and document the grounds for lawful processing.


  3. Collect details of service partner

Make sure that the third-party or service-partner services embedded in your websites, and your software-as-a-service providers, are compliant with GDPR or fall under an officially sanctioned data jurisdiction. Analyze and review their international data flows for mapping.

  4. Obtain Consent

Implement methods for obtaining, seeking and recording consent to ensure compliance. Make sure to keep a record of what each data subject consented to, and provide multiple options for the data subject to change or revoke that consent.


  5. Respond to the data rights

Use procedures that enable your organization to respond to data subject rights, such as data access, erasure, and rectification. Prepare a document describing how these rights will be exercised in both customer and employee contexts.


The VulnOS GDPR Unified Automation Platform helps all types of business, whether small, medium or large. VulnOS helps you connect your current tech setup, guides you on data sources, and helps you step by step through the GDPR compliance process. Contact a VulnOS consultant for more detail.


VulnOS helps small to medium-sized businesses with the GDPR compliance process. VulnOS is a fully automated solution that keeps your compliance up to date through a simple-to-use interface, saves you time, and undertakes the repetitive tasks related to your GDPR compliance and privacy risks.