InnoSec is the winner of the EU Commission Horizon 2020 grant based on its innovation in GDPR and cyber risk. “We are excited to address this urgent need and help prevent organizations from incurring the €20m or 4% of annual revenue penalties by automating the privacy impact and risk assessments required by GDPR,” says InnoSec CEO, Ariel Evans.
GDPR is an urgent issue that has companies scrambling to be compliant by May of 2018. Any organization that processes EU citizen data is in scope and the penalties are severe. The EU has had a directive on data protection and privacy since 1995, but the directive was not implemented homogeneously across the EU. The EU needs enforcement and has changed the directive to a regulation that is legally binding and also creates consistency across the whole of the EU. GDPR is expected to save more than €2 billion per year, as there will be a single set of rules to comply with rather than different ones in different countries.
Alignment with these requirements can reduce the chances of triggering a Data Protection Authority (DPA) to investigate a company’s privacy practices after the GDPR takes effect in May 2018. DPAs can impose a fine on companies of up to 4% of annual global revenues for egregious violations of the GDPR. Member states can also add to these fines. The Netherlands, for instance, has more than doubled its own fining capacity to 10% of annual revenues. European privacy advocates are pressuring DPAs to fully exercise these new powers after May 2018. To manage this risk, multinationals should have a means to demonstrate alignment with the GDPR requirements and to communicate this program to the DPAs that have jurisdiction over their major European operations.
“InnoSec’s GDPR solution provides privacy impact and risk assessments which measure the confidentiality and integrity of the system and the risk associated with it, meeting articles 1, 2, 5, 32, 35 and 36. Additionally, we provide a readiness gap analysis for managing, planning and budgeting for GDPR,” explains Evans. Evans believes that GDPR was designed as a way to get cyber security front and center in the board room.
“Most e-commerce, educational and multi-national organizations process EU citizen data and are in scope for GDPR. Moreover, most organizations are not ready according to Gartner and this means the race to the finish line requires as much automation as you can afford. InnoSec provides a means for companies to save money and time with their GDPR assessment and gap analysis offering. The gap analysis the attacks are not associated to the systems and the impact is not measured. Our GDPR offering automates the assessment process and provides a gap analysis readiness feature that also ensures that organizations can plan, budget and manage their GDPR program.”