.svg)
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
GDPR Compliance in the U.S.: What to Know
In 1992, Singapore banned the sale of all chewing gum. But if you...
Read Now
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
GDPR Compliance Software
The Simple GDPR Solution You've Been Looking For
Osano’s Privacy Platform can help you comply with the General Data Protection Regulation (GDPR). Osano gets you up and running quickly with capabilities for managing consent, templates and workflows for privacy assessments like Record of Processing Activity (RoPAs), automation for fast and accurate data subject access requests (DSARs), and more.
JOIN 1000+ Companies using Osano
/linux%20foundation%20logo%20gray%20400.svg)
/AMC%20Theatres%20logo%20gray%20400.svg)
/Sesame%20workshop%20logo%20grey%20400.svg)
/New%20Relic%20logo%20gray%20400.svg)
/Rodd%20and%20Gunn%20logo%20grey%20400.svg)
/Boston%20Medical%20logo%20grey%20400.svg)
/Newegg%20logo%20gray%20400.svg)
/White%20Castle%20logo%20grey%20400.svg)
/Sierra%20Nevada%20logo%20gray%20400.svg)
/Broadridge%20logo%20gray%20400.svg)
/BuzzRX%20logo%20grey%20400.svg)
/Sprinklr%20logo%20grey%20400.svg)
/JD%20Supra%20logo%20gray%20400.svg)
/Loves%20logo%20grey%20400.svg)
/Ping%20logo%20gray%20400.svg)
THE BASICS
What Is the GDPR?
Not enough time to slog through the GDPR’s 99 different articles? Check out our primer below.
Am I Subject to the GDPR?
Unlike other data privacy laws, there are no minimum thresholds before a business is subject to the GDPR. If you handle EU residents’ data, regardless of where your business is located, then you’re subject to the GDPR.
Specifically, if you meet any of the following criteria, you can assume the GDPR applies:
- You process EU citizens’ data and your business is based in the EU.
-
You offer goods or services to EU citizens.
-
You monitor the behavior of EU citizens.
The 7 Principles of the GDPR
It’s easy to get caught up in the letter of the law and forget its spirit. That’s why the text of the GDPR lays out seven principles that embody the ideal that businesses should strive for when processing personal data.
- Lawfulness, fairness, and transparency: Processing data should abide by the law, treat data subjects fairly, and be transparent.
- Purpose limitation: Only process data for a legitimate, specific purpose disclosed to the data subject.
- Data minimization: Collect and use only the data necessary to complete the specified purpose.
- Accuracy: Keep data accurate at all times.
- Storage limitation: Only store personal data as long as necessary for the intended purpose. Afterwards, delete it.
- Integrity and confidentiality: Protect data's security, integrity, and privacy.
- Accountability: Be able to demonstrate compliance through detailed documentation, train staff well, implement security measures, and adopt contractual protections with third parties who handle data.
GDPR Requirements
As far as data privacy laws go, the GDPR is known for being highly protective of consumers. That means businesses have a lot of responsibilities to uphold when processing EU citizen data. Here are just a few GDPR requirements.
- Collect, store, process, or sell data only after establishing a lawful basis for doing so—typically the data subject’s consent.
-
Secure consent that is freely given, specific, informed, and unambiguous.
-
Honor DSARs, such as requests to access, rectify, or erase data, within 30 days.
-
Notify all data subjects of a security breach within 72 hours of discovery.
-
Designate a data protection officer (under certain circumstances).
-
Conduct assessments like RoPAs and data protection impact assessments (DPIAs; under certain circumstances).
- And more.
GDPR Enforcement
Each EU member state has its own data protection authority (DPA) that levies penalties and fines. They investigate complaints, provide advice on data protection issues, and determine when the GDPR has been breached. If one of these DPAs finds your business in violation of the GDPR, you could be fined the greater of:
- 4% of annual global revenue
- €20 million
GDPR COOKIE CONSENT
Manage Consent in Every GDPR Jurisdiction
When EU citizens visit your website, you need to provide the appropriate disclosures and consent options based on their local DPA. Osano detects the geolocation of EU visitors and automatically displays the relevant banner, blocking all data trackers until the visitor agrees to their use or to specific categories of data trackers.
GDPR DATA SUBJECT RIGHTS
Manage DSARs at Scale
When a data subject makes a request under the GDPR, you have to meet that request within 30 days. Responding to DSARs takes time away from more strategic initiatives, and 30 days can go by pretty quick if you experience a high volume of requests. Osano streamlines the subject rights request process, automates common request types, and enables a faster, more accurate workflow.
GDPR VENDOR MANAGEMENT
Ensure Your Customers’ Data Is in Good Hands
Osano Vendor Privacy Risk Management can help you identify vendors who can give your customers’ data the protection it deserves. Osano helps you conduct required vendor assessments, tracks vendor privacy changes and new lawsuits, and generates a proprietary Vendor Score to help you assess privacy practices at a glance.
GDPR REPRESENTATIVE
Let Us Be Your Representative
When you work with Osano, we’ll serve as your required GDPR representative. Our subsidiary, Osano Compliance Services International, is based in Dublin, where our local team of privacy experts and attorneys are at your service to help with all EU-related issues.
Expert insights
Key Resources on All Things Privacy
Discover actionable compliance tips straight from our team of legal and privacy experts through our blogs, webinars, eBooks, guides, and more.
.jpg?width=384&height=209&name=Image%20(1).jpg)
.jpg?width=384&height=209&name=Image%20(2).jpg)