At Onspring, figuring out the complexities of GDPR has been a complicated task, but helping customers through the wilderness of the law has been a challenge we relish. I talked with a few of our associates who dealt with the intricacies of the law itself and found out just how much Onspring was able to help with the overall effects many organizations faced when first dealing with it.
I believe you’d be surprised at the number of organizations that do not have a fully structured approach to evaluating the effectiveness of their system of controls. Whether their approach is not formally defined and communicated, inconsistently applied and/or inefficiently managed and monitored, they are at risk of not fully understanding whether their controls are meeting their stated objectives or worse, being completely caught off guard by a critical control failure that could lead to much more serious issues. To that end, we offer the following considerations as you evaluate the effectiveness of your control testing program.
It’s time for your 15-minute fix of ideas and insights from the world of internal audit. Explore our curated selection of articles from the Institute of Internal Auditors and other trusted sources.
The European Union General Data Protection Regulation (GDPR) was enacted on April 27, 2016, and goes into effect May 25, 2018. The GDPR impacts organizations that are based in the EU and control or process personal data for EU/EEA individuals (i.e., “data subjects”) OR are based outside the EU but control or process personal data for EU/EEA individuals. Onspring is based in the United States. However, our clients include organizations that are either based in the EU/EEA or have users who reside in the EU/EEA. For these organizations, we are providing these FAQs to help you better understand how the GDPR impacts Onspring and you.
Common supports remain in place, even as regulations and best practices evolve. Remember this as you stand at the metaphorical “ice cream counter of compliance.” The sheer variety and complexity of requirements can be overwhelming, but the core people, processes and technologies you engage to understand and address those requirements remain largely the same.