Get Ready for The New General Data Protection Regulation (GDPR) Law - The Tek

20 Feb


- by:  Rick Miller

     A new law enacted by the European Union, known as the General Data Protection Regulation (GDPR), is set to go into effect in May 2018. The law is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

     It has far-reaching effects on how companies collect, protect, and utilize data around the globe. For U.S.-based companies there are several key issues to keep in mind. Remember, this law extends beyond the E.U., so U.S. firms collecting and processing private data that involves E.U. citizens are liable under the new law. Because the law extends beyond the E.U., it is the first global data protection law.

     The first thing to understand about the law is that it expands the definition of personal data. The GDPR defines personal data as “any data that can be used to identify an individual. That includes genetic, mental, cultural, economic or social information.” (ComputerWeekly.com)

     Another stipulation of the GDPR is that organizations must get clear consent to process collected data. Organizations must explain what personal data they are collecting and how it will be processed and used. They must also ensure that, if a breach occurs, it is reported to the appropriate authorities within 72 hours.

     Since the EU law extends globally, it is important that U.S. companies prepare now. If businesses do not prepare for the law, they could find themselves being fined. The fines are considerable, reaching up to 4% of their global annual turnover.

     In her blog GDPR for Dummies, Kate Bordwell takes the very complex rules of the law and turns them into a practical and simple theme. She says the rules can be seen as following six themes.

  1. Know what you have, and why you have it.
  2. Manage data in a structured way.
  3. Know who is responsible for it.
  4. Encrypt what you wouldn’t want disclosed.
  5. Design a security aware culture.
  6. Be prepared... Expect the best but prepare for the worst.

     There are a few key points to consider when thinking about the ramifications of the GDPR. If your company has a website and you are collecting cookies, it is possible that you are collecting and processing Personally Identifiable Information (PII). Under GDPR you will need to apply the six themes above to that data. It is also key to make sure, in the process of collecting and processing data, that you document the journey of the data. Consider making data maps as part of your data organization plan.

Document, Document, Document!
However you decide to organize, process, and store your data, it is imperative that you document your processes. Documentation will be critical should you encounter a breach.

     While many see the new law as a nuisance, it has far-reaching implications when it comes to the protection of consumer data. If we see the law as an opportunity to improve the security of our clients’ data, then we have started to create a culture of security within our organizations. In the end, the overall purpose of the law is to provide global protection for consumers. If, as a result, we begin to create a culture of security, we all win.
