The new General Data Protection Regulation (GDPR) is the talk of the town in the security world. A day doesn’t seem to pass by without a new security breach being reported in the media. Recent cases such as the Equifax scandal and the data breach at Deloitte has brought the subject of data security to the forefront of the news cycle. There are steps all organisations need to make to stop their name being on the next data breach headline.
The breaches give credence to the idea that there was a serious need for a ratified law across all EU member states, specifically relating to data security and protecting individuals data. The new GDPR legislation was ratified back in 2016 and it outlined the need for each member state to implement it into a new national law by May of 2018. Now with under a year to go, we would like to provide our customers with a better understanding of how this new regulation will impact businesses across the Eurozone and how we can help them comply with the law.
Firstly, why was GDPR created?
GDPR was created to allow individuals greater control over their personal data. It will unify the set of protection laws across the EU, bringing everyone in line with one standard. Companies that are operating outside of the EU will be subject to this law when they collect data concerning an EU citizen.
What is GDPR at is core?
GDPR addresses many of its predecessors (Data Protection Directive) failings including updating requirements for documenting IT procedures, performing risk assessments, notifying the consumer and authorities of a breach and reinforcing the rules for data minimization.
What are the key changes?
- Increased Territorial scope
o The legislation will apply to all organisations holding data belonging to EU citizens.
- Data Protection Officers
o Any business that markets goods or services to customers within the EU and collects personal data must appoint a Data Protection Officer.
- Privacy by design
o Is the inclusion of data protection resources from the initial design stage of a system.
- The right to be forgotten
o Any private citizen will be entitled to request the erasure of their personal data.
- The right to access
o The owner of the data has the right to obtain records of their personal information, including where it’s being stored and for what purpose.
- Breach notifications
o Companies have an explicit instruction to notify authorities of a breach within 72 hours of one occurring.
What if you don’t comply?
With the new law comes a greater ability to fine companies that don’t comply to GDPR. These fines are significant not just in their size, 4% of global revenue or €20 Million, whichever is the highest out of the two. This has huge implications for companies of any size as if they do suffer a breach it could lead to the company being put out of business!
How do you become GDPR ready?
3 simple steps can help prepare your organisation for GDPR.
- Create awareness across the organisation about GDPR, what it covers, and what the fines are for noncompliance.
- Use software to find and detect all sensitive data within the organization, including servers, documents, workstations, email inboxes and all cloud storage.
- The strategy must be executed within the organization. Appoint a DPO to lead the team and to make sure all of the rulings are adhered to.
How can Ground Labs help?
We offer Free risk assessments to give an organization a snapshot of all of the sensitive data being held in the environment we scan. The assessment will help to identify and understand what the potential GDPR risk is to an organization.
Now you know how to prepare for GDPR, is your company ready? Start your GDPR journey with Ground Labs, click the link for a free risk assessment http://content.groundlabs.com/gdpr_assessment
Who is Ground Labs?
Ground Labs is the data security and auditing software provider of choice for over 2500 companies globally. Organizations use our Enterprise Recon and Card Recon products to scan and remediate for unsecured and sensitive data on their computer systems. Securing data allows them to prevent serious data breaches and help to comply with global information standards such as PCI DSS and GDPA. Our 24 / 7 best in class support function focuses on providing a high level of customer care across multiple time zones. Founded in 2007, our global presence is headquartered in Singapore, with offices in Europe and the USA. For further information or to request a product demo please visit www.groundlabs.com