General Data Protection Regulation (GDPR) and Cayman Data Protection Law (DPL)

Are you ready for GDPR?

The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018, and the Cayman Data Protection Law (DPL) takes effect in January 2019, creating challenges for every organization doing business in the EU before, during and after the deadline.

When GDPR goes into effect on May 25, 2018, it will represent one of the highest standards of data protection in the world, creating a consistent, global, and unified legal basis for data protection and enforcement across the Member States.

DPL (Cayman) is structured after the UK’s Data Protection Act and internationally recognized privacy principles, and is intended to regulate the processing of, and to safeguard, personal data in the Cayman Islands. It defines rights and duties to give individuals greater control over their personal data.

How will GDPR and DPL affect your organization?

  • What is your data footprint in the European Union (e.g., data about employees, consumers and clients)?
  • Are you prepared to provide evidence of GDPR and Cayman Data Protection Law (DPL) compliance to EU or US privacy regulators, who may request it on demand?
  • Do you have visibility of and control over what personal data you collect? How do you use it? With whom do you share it?
  • Do you have a privacy-by-design program, with Privacy Impact Assessments (PIAs), documentation and escalation paths?
  • Do you have a tested breach-response plan that meets GDPR’s 72-hour and the Cayman Data Protection Law (DPL) 5-day notification requirements?
  • Have you defined a roadmap for GDPR and Cayman Data Protection Law (DPL) compliance?
  • Have you identified a Data Protection Officer (DPO) as required by GDPR or a Commissioner as required by Cayman Data Protection Law (DPL)?
  • Have you adopted a cross-border data transfer strategy?

Core Principles:

  • Lawfulness, fairness and transparency
  • Accuracy
  • Accountability
  • Purpose limitation
  • Storage limitation
  • Data subject rights
  • Data minimization
  • Integrity and confidentiality
  • Data residency

What steps can your organization take to prepare?

Conduct a readiness assessment

Understand if GDPR may apply to your organization by completing our online quiz. Identify how much and what type of data you handle. Then, gather information to assess your organization’s current GDPR and DPL compliance maturity, and help understand your legacy risks.

Find remediation gaps

Identify existing privacy capabilities and the work that needs to be done to bring your organization into GDPR and DPL compliance. Identify areas where you can limit GDPR impact or take it out of scope altogether.

Establish oversight

Put your organization’s ongoing GDPR and DPL governance structure and model into place to coordinate and implement your remediation activities.

Implement your program

Get your GDPR and DPL program off the ground: remediating gaps and establishing a privacy program.

Compliance and ongoing monitoring

Once GDPR and DPL are in effect and your program is in place, conduct ongoing compliance monitoring to drive continued accountability.

Key GDPR program implementation areas

Contact us

Marlon Bispath

Partner, Assurance, PwC Cayman Islands

Tel: +1 (345) 914 8674

Isabel Gumeyi

Risk Assurance and Advisory, PwC Cayman Islands

Tel: +1 (345) 914-8643

Marlon Bispath

Partner, Technology, Risk Assurance and Advisory, PwC Cayman Islands

Tel: +1 (345) 914 8674

Kelli Koutney

Risk and Credit Modelling Advisory Services, PwC Cayman Islands

Tel: +1 (345) 914 8678