Fujitsu is launching a comprehensive portfolio of services to help organizations comply with the EU General Data Protection Regulation (GDPR). The new legislation, which will come into effect on May 25, 2018, introduces new obligations for all organizations – no matter where they are based – that store, process or analyze personal data of EU residents.
Fujitsu services related to the EU GDPR are aimed at helping organizations to be both aware of and prepared for the new obligations and requirements that the legislation brings. With GDPR, the EU is harmonizing existing national data protection regulations and defining a new and extended level of European Data Protection.
The starting point recommended by Fujitsu is to conduct an assessment of the relevant data held today, and where it resides. Together with industry-leading security partners, Fujitsu is offering professional assessments comprised of data inventory scans, to help discover existing GDPR-related data.
By May 2018, businesses around the globe must have established GDPR-compliant policies to process personal data, including how they handle data deletion. GDPR will also bring a set of obligatory steps that include reporting data breaches within 72 hours and notifying affected individuals. These are all areas where Fujitsu is able to provide professional support, including contingency measures and establishing both GDPR-related strategies and clearly defined processes in how to detect and react to data breaches. The penalty for ignoring GDPR and its obligations is a potential fine of up to EUR 20 million or up to four percent of global annual turnover, whichever is the greater, for failure to comply.
David Delaney, Service Delivery Director Fujitsu commented; “GDPR is one of the most significant legislative developments in the EU in a number of years. Its impact will be widespread and felt by organizations of all sizes, providing greater data protection to millions of people. The audit and classification requirements, combined with regular assessment can only be achieved by organizations with the right technology and processes in place. The imperative for organizations to adopt and drive a digital transformation is clearer than ever and for many, needs to begin today if they are to be ready in time for May 2018.”
Rob Norris, VP Enterprise & Cyber Security at Fujitsu EMEIA, said: “We believe that GDPR readiness will oblige organizations to carry out thorough preparation, to set up the processes necessary for compliance, as well as supporting alignment of their systems and services with GDPR’s requirements. It is a sweeping set of legislation: GDPR will apply to organizations of all sizes and in all industry sectors – not just those within the EU, but also organizations from outside the EU who process and handle EU citizens’ data.”
Fujitsu is introducing a wide-ranging set of dedicated consultancy and professional services – from readiness reviews through to implementation and managed security services – to help organizations be ready for the GDPR – and to avoid the potential of large fines for lack of compliance, as well as the loss of trust from their customers.
Pricing and availability
Fujitsu offers an initial GDPR assessment, a fixed price service providing organizations with a readiness assessment before the legislation comes into effect. Subsequent services for more detailed analysis and implementation or remediation work depend on organizations’ requirements, the size of the organization, its application landscape and complexity, and business priorities.