GDPR: the basics
Did you know that Europe's General Data Protection Regulation (GDPR) comes into effect on May 25, 2018?
Most of the elements of the new regulation are simply good data protection practice. The regulation is a necessary response to advances in technology and is designed to protect consumer privacy; customers will expect organisations to maintain these higher levels of security going forward.
GDPR: the basics
GDPR will introduce the biggest shake-up of Europe’s patchwork of data protection laws in a generation. Specifically, it will introduce severe penalties for non-compliance and new concepts such as the right to be forgotten.
Here’s a quick breakdown of some of the biggest changes it will bring about:
- Organisations which breach the GDPR will be fined 4% of annual global turnover or €20 million – whichever is higher
- Mandatory breach notifications within 72 hours
- Mandatory appointment of data protection officers for large firms
- Right to be forgotten
- Right to data portability
- Multinationals will only need to report to one national privacy regulator, in the country where they are headquartered
If you are still wondering where to start, here’s a handy checklist:
- Conduct a data audit to find out what data your organisation holds and how you are using it
- Classify data according to sensitivity and your organisation’s risk appetite
- Update DLP technologies to help prevent leaks
- Improve staff awareness and user education programmes with a data protection focus
- Restrict the number of privileged accounts and roll out strong authentication (e.g. 2FA) for those accounts
- Roll out mobile device management to ensure mobile devices are covered by the new rules
- Run regular pen tests to check the resilience of systems
- Develop an incident response plan to ensure you can report within 72 hours. Involve key stakeholders including legal, HR and PR teams, etc.
- Consider advanced server-side technologies like Deep Security to lock down risk across physical, virtual and cloud environments from a single console.
Sr. Director of Regulatory Affairs at Johnson & Johnson Vision
Thanks for the overview, very helpful.