TrustArc Blog

The Careful Planning Required to Meet and Maintain GDPR Compliance – Tips and Tools for your GDPR RFP

September 10, 2019

The EU GDPR, which went into effect on May 25, 2018, is a law designed to enhance data protection for EU residents and provide a consolidated framework to guide business usage of personal data across the EU, replacing the patchwork of existing regulations and frameworks. The reach of the GDPR extends beyond the Directive it replaced. The GDPR comes with significant penalties for non-compliance: fines of up to 20,000,000 EUR or 4% of total worldwide annual turnover of the preceding year (whichever is higher). Aside from financial penalties, many businesses require their vendors to be fully compliant with the GDPR as a condition of doing business. Non-compliance could lead to significant loss of business to competitors who are able to demonstrate their GDPR compliance.

TrustArc CEO Chris Babel explained in his 2019 predictions, “Privacy will continue on a similar path as the evolution of cybersecurity. The number of breaches and privacy-related incidents will continue to rise, up and to the right. This rise will be comprised of peaks and valleys. Like with security, a standard of constant privacy will become the new normal. For example, while many organizations treated GDPR as a project, with a finite end, compliance is a continuous exercise that requires the same focus and vigilance as security or taxes.” 

For the second year running, the IAPP together with TrustArc surveyed 345 privacy professionals around the globe to gain an understanding of how privacy technology products are purchased and deployed within an organization. The data from this research report showed the importance of carefully outlining a company’s needs when it comes to developing a successful privacy program. The top four categories that respondents were planning to purchase in the next 12 months are products that primarily fit under the privacy program management sphere of influence. 

At the top of the pack is data mapping and data flow, at 24%. With obligations such as the GDPR in full effect, it’s not surprising that this is a solution at the top of a privacy department’s wishlist. Also, unsurprisingly, privacy program assessment and management is near the top of planned purchases in the next 12 months. One in five respondents identified this category as a likely purchase in this year’s survey. These solutions play a large role in operationalizing the privacy department through more streamlined workflows for privacy impact assessments, for example, and communicating and managing the work of the privacy office. The old days of spreadsheets and Word documents are simply not up to the demands of the modern digital ecosystem.

With enforcement activity likely to ramp up in the EU and with laws like the CCPA set to go into effect at the beginning of 2020, the need for privacy solutions will continue to grow. Maintaining compliance requires diligent planning and training for teams on their roles in helping to sustain GDPR compliance. Technology can help teams automate some of the otherwise manual processes, which will save time and help promote consistency. Technology can also help teams keep careful records, both for implementing programs that pertain to requirements such as responding to data subject access requests and for demonstrating compliance. Companies must carefully consider their privacy approach by selecting the best solutions and tools in order to achieve their privacy program management goals.

To help your company acquire a technology solution to efficiently manage GDPR compliance requirements, TrustArc has developed a comprehensive template you can use to help select the best privacy compliance solution for your company. The RFP Template benefits include:

  • Comprehensive list of solution requirements to support GDPR compliance
  • Flexible spreadsheet format for easy editing and collaboration
  • Works for companies of all sizes across all industries

Request the TrustArc GDPR RFP Template here.

TrustArc can also help you develop a custom RFP for your business as well as provide guidance on the types of solutions that best fit your needs. To set up a free consultation, contact us today.