Get Ready for The New General Data Protection Regulation (GDPR) Law - The Tek > Blogs
X

Blogs

20Feb

Get Ready for The New General Data Protection Regulation (GDPR) Law

Security | 0 Comments | | Return |

Get Ready for The New
General Data Protection Regulation (GDPR) Law

- by:  Rick Miller

     GDPRThe law enacted by the European Union known as the General Data Protection Regulation or (GDPR) went into effect in May 2018. The law is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

     It has far reaching effects on how companies collect, protect, and utilize data around the globe. For U.S. based companies there are several key issues to keep in mind. Remember this law extends beyond the E.U., so U.S. firms collecting and processing private data that involves E.U. citizens are liable under the new law. Because the law extends beyond the E.U., it is the first global data protection law.

     The first thing to understand about the law is that it expands the definition of personal data. The GDPR defines personal data as, “any data that can be used to identify an individual. That includes genetic, mental, cultural, economic or social information.” ComputerWeekly.com

      Another stipulation of the GDPR is that organizations must get clear consent to process collected data. Organizations must explain what personal data they are collecting and how it will be processed and used. They must also ensure that if a breach occurs it is reported to appropriate authorities within 72 hours.

     Since the EU law extends globally it is important that U.S. companies prepare now. If businesses do not prepare for the law they could find themselves being fined. The fines are considerable reaching up to 4% of their global annual turnover.

     In her blog GDPR for Dummies, Kate Bordwell, takes the very complex rules of the law and turns it into a practical and simple theme. She says the rules can be seen as following six themes.

  1. Know what you have, and why you have it.
  2. Manage data in a structured way.
  3. Know who is responsible for it.
  4. Encrypt what you wouldn’t want disclosed.
  5. Design a security aware culture.
  6. Be prepared... Expect the best but prepare for the worst.

     There a few key points to consider when thinking about the ramifications of the GDPR. If your company has a website and you are collecting cookies it is possible that you are collecting and processing Personally Identifiable Information. (PII) Under GDPR you will need to apply the six themes above to that data. It is also key to make sure in the process of collecting and processing data that you document the journey of the data. Consider making data maps as part of your data organization plan.

Document Document Document!
However, you decide to organize, process, and store your data it is imperative that you document your processes. Documentation will be critical should you encounter a breach.

     While many see the new law as a nuisance, it has far reaching implications when it comes to the protection of consumer data. If we see the law as an opportunity to improve the security of our client’s data then we have started to create a culture of security within our organizations. In the end the overall purpose of the law is to provide global protection for consumers. If as a result we begin to create a culture of security we all win.

Related

Developing and Calculating Your Backup Strategy

Did you know that 140,000 disk drives crash per week in the U.S.?  That’s a lot of lost data! Are y...

Read More >

Cybersecurity and the Ostrich Effect

If you can’t see it, it doesn’t exist, right? When an ostrich senses danger he buries hi...

Read More >

WANNACRYPTOR (WANNACRY) – RANSOMWARE

“In the most widespread attack to date, the WannaCryptor (WannaCry) ransomware family infected...

Read More >

Backups, Backups, Backups, Backups!

So you use Mozy, Carbonite or some other cheap online backup solution? Well that is a start but you ...

Read More >

Tek Tip - Illustrator Tool Arrow dropdown not working

In the latest update of  Adobe Illustrator CC 2015 the arrow which opens up the drop-down menu ...

Read More >

Good bye PBX, Hello SIP Based VOIP Systems

The day of complex equipment based phone systems are dead! We have been tricked into thinking that a...

Read More >
You need to login in order to comment
Sign up for our Newsletter
Name