DENVER--(BUSINESS WIRE)--CyberGRX, the company behind the world’s first global risk exchange, today announced the availability of the CyberGRX GDPR Readiness Program. The program combines GDPR readiness questions with CyberGRX services to help enterprises identify which of their third parties require a GDPR assessment and whether they have the proper controls in place to prepare for the requirements of the GDPR. The CyberGRX GDPR assessment questions cover the following areas for data controllers and processors: privacy by design, data minimization and monitoring, integrity and accountability, and fairness and accountability. The new program will help enterprises determine whether they or their third parties have potential GDPR compliance gaps and arm them with prioritized mitigation strategies to address those gaps.
In order to comply with the May 25, 2018 GDPR deadline, organizations that collect or process data from parties in the EU must go beyond having security and data protections in place to safeguard data within their own enterprise. Companies that outsource data processing to a third party, such as a vendor, contractor, partner or customer, remain responsible for the security of that data. Failure to secure that data can result in GDPR non-compliance, with penalties that include fines of up to €20 million or 4% of global turnover.
Through the GDPR Readiness Program, CyberGRX will help enterprises survey their digital ecosystem to determine which of their third parties may need to demonstrate GDPR compliance. Those third parties will answer specific GDPR questions around controller and processor requirements to help enterprises confirm they have the proper GDPR controls and security strategy in place. Using the dynamic assessment data and advanced analytics, CyberGRX will then develop a prioritized plan to address identified gaps while working with third parties to mitigate them in advance of May 25, 2018.
“The looming GDPR deadline is forcing organizations across the world to take a close look at the long tail of the data they’re tasked with safeguarding,” said Fred Kneip, CEO, CyberGRX. “It’s not uncommon for a large enterprise to have tens of thousands of third parties with access to their data, and attackers have been increasingly targeting third parties with weak security controls. The penalties for GDPR non-compliance are steep, and come May 25, companies will have a legal, documented responsibility to protect data beyond their four walls and into their extended digital ecosystem of third parties. The CyberGRX GDPR Readiness Program will take the guesswork out of figuring out which third parties put you at risk of non-compliance while offering a prescriptive and prioritized plan to mitigate gaps.”
The CyberGRX GDPR Readiness Program is available immediately as part of the CyberGRX Exchange. For more information, please visit https://www.cybergrx.com/2018/02/three-steps-every-risk-manager-can-take-prepare-gdpr-today/
CyberGRX provides enterprises and their third parties with the most cost-effective and scalable approach to third-party cyber risk management today. Built on the market's first third-party cyber risk Exchange, CyberGRX arms organizations with a dynamic stream of third-party data and advanced analytics, helping organizations efficiently manage, monitor and mitigate risk in their partner ecosystems. Based in Denver, CO, CyberGRX was designed with partners including ADP, Aetna, Blackstone and MassMutual, and is backed by Allegis Capital, Bessemer Venture Partners, Blackstone, ClearSky, GV (formerly Google Ventures), MassMutual Ventures, Rally Ventures and TenEleven Ventures. For more information, visit www.cybergrx.com or follow @CyberGRX on Twitter.