ecfirst :: GDPR IIG
  • Question 1

    To whom does the GDPR apply?

  • Question 2

    Are organizations based in the US required to comply with the GDPR?

  • Question 3

    If an Organization does not charge for services offered, does it need to comply with GDPR?

  • Question 4

    How does a customer obtain consent?

  • Question 5

    To comply with GDPR, does my Organization need to appoint a Data Protection Officer (DPO)?

  • Question 6

    What does “processing” mean?

  • Question 7

    Is parental consent required for Data Subjects under the age of 16?

  • Question 8

    GDPR applies to which types of individuals or Organizations:

    a) Any Organization that processes personal data

    c) Data controllers operating in the EU

  • Question 9

    A Data Protection Officer (DPO) must be appointed:

    a) In all cases, regardless of the levels of data processing

    b) If an Organization processes any sensitive personal data relating to EU citizens

  • Question 10

    Within what period is an Organization required to notify a supervising authority about a data breach?

  • Question 11

    In May 2018, GDPR regulations gave EU residents and citizens more rights and control over their data. In what respects do they have more rights and control?

    a) The right to be forgotten
    b) The right of data portability

  • Question 12

    Within which timeframe are Organizations required to respond to data access requests?

  • Question 13

    What is the term used in the General Data Protection Regulation (GDPR) for unauthorized disclosure of, or access to, personal data?

  • Question 14

    The right to restrict processing is a right of the data controller.

  • Question 15

    Is consent required for data subjects under the age of 16?

About ecfirst

Established in 1999, ecfirst is an Iowa-based Corporation. ecfirst delivers complete end-to-end compliance and information security services across the United States and worldwide. ecfirst has completed several hundred information security assessments over the last few years for satisfied clients. Our team has managed assessments using various standards including, but not limited to, NIST 800-53, HITRUST, HIPAA, GDPR, ISO-27001, PCI-DSS and others. We are well regarded in the industry as an affordable and high-quality team with well-established expertise in a number of fields. Many clients first engage ecfirst for its flexible services that range from On-Demand Consulting (ODC) to Managed Compliance Services Programs (MCSPs) covering training, policies, remediation, risk assessment, technical vulnerability assessments, penetration testing and much more.

Act Now for GDPR Compliance!

Time is running out for businesses ill-prepared for the May 2018 introduction of the EU’s GDPR. Failure to comply may result in fines up to 4% of annual global revenue or €20 million — whichever is greater! Schedule an ecfirst GDPR Cybersecurity Strategy Workshop Now!

Our mission is to keep your Organization compliant with regulations and be prepared for any cybersecurity event at any time. Our Information Security experts are able to recommend and help implement your company’s strategic goals and tactical steps for managing enterprise security.


Copyright © 1999-2018 ecfirst Inc. All rights reserved.