GDPR resource kit: Tools to become compliant
The deadline for GDPR compliance is drawing near, yet a surprising number of organizations are unprepared to comply with the stringent data protection rules. This resource kit includes a GDPR policy and compliance checklist, a data compliance officer job description, a data breach notification letter, and sample text for several consent request forms. For more information about the GDPR and how to avoid costly penalties for noncompliance, see Getting ready for the GDPR: An IT leader’s guide.
From the resource kit:
The EU General Data Protection Regulation (GDPR) is a comprehensive set of rules designed to keep the personal data of all EU citizens collected by any organization, enterprise, or business safe from unauthorized access or use. The GDPR will go into effect on May 25, 2018, and the provisions in the law will greatly affect the manner in which every business transaction involving EU citizens is conducted from that point forward.
Provisions in the GDPR grant the EU the authority to enforce the regulations across international borders. That means a small 20-person company located in Texas that collects personal data from a customer residing in Paris in order to sell and ship a cowboy hat will be subject to the security provisions of the GDPR—and more important, will be liable for any penalties imposed for not following those provisions. There are no exemptions for size, scope, location, or first offenses. Fail to meet the provisions of GDPR and you will incur penalties.
Organizations that ignore the GDPR are opening themselves up to uncertain liability, substantial risk, and potential financial hardship. The gravity of the GDPR calls for a prudent course of action, including establishing procedures, protocols, and policies that address and meet the requirements of the law. This EU General Data Protection Regulation (GDPR) Policy will give you a head start on building guidelines that fit your company’s circumstances.