20 Feb

Get Ready for The New General Data Protection Regulation (GDPR) Law

- by:  Rick Miller

     The law enacted by the European Union known as the General Data Protection Regulation (GDPR) went into effect in May 2018. The law is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

     It has far-reaching effects on how companies collect, protect, and utilize data around the globe. For U.S.-based companies there are several key issues to keep in mind. Remember that this law extends beyond the E.U., so U.S. firms collecting and processing private data that involves E.U. citizens are liable under the new law. Because the law extends beyond the E.U., it is the first global data protection law.

     The first thing to understand about the law is that it expands the definition of personal data. The GDPR defines personal data as “any data that can be used to identify an individual. That includes genetic, mental, cultural, economic or social information.” (ComputerWeekly.com)

      Another stipulation of the GDPR is that organizations must get clear consent to process collected data. Organizations must explain what personal data they are collecting and how it will be processed and used. They must also ensure that if a breach occurs it is reported to appropriate authorities within 72 hours.

     Since the EU law extends globally, it is important that U.S. companies prepare now. If businesses do not prepare for the law, they could find themselves being fined. The fines are considerable, reaching up to 4% of their global annual turnover.

     In her blog GDPR for Dummies, Kate Bordwell takes the very complex rules of the law and turns them into a practical and simple theme. She says the rules can be seen as following six themes.

  1. Know what you have, and why you have it.
  2. Manage data in a structured way.
  3. Know who is responsible for it.
  4. Encrypt what you wouldn’t want disclosed.
  5. Design a security aware culture.
  6. Be prepared... Expect the best but prepare for the worst.

     There are a few key points to consider when thinking about the ramifications of the GDPR. If your company has a website and you are collecting cookies, it is possible that you are collecting and processing Personally Identifiable Information (PII). Under GDPR you will need to apply the six themes above to that data. It is also key, in the process of collecting and processing data, to document the journey of the data. Consider making data maps as part of your data organization plan.

Document, Document, Document!
However you decide to organize, process, and store your data, it is imperative that you document your processes. Documentation will be critical should you encounter a breach.

     While many see the new law as a nuisance, it has far-reaching implications when it comes to the protection of consumer data. If we see the law as an opportunity to improve the security of our clients’ data, then we have started to create a culture of security within our organizations. In the end, the overall purpose of the law is to provide global protection for consumers. If as a result we begin to create a culture of security, we all win.
