The General Data Protection Regulation (GDPR) was agreed upon by the European Parliament and Council in April 2016. Europe in general has always had more stringent rules on how companies use the personal data of its citizens. The GDPR replaces the EU’s Data Protection Directive. The new EU framework applies to organizations in all member-states. It has implications for businesses and individuals across Europe, and beyond.
It is a global standard
You have to account for all your data, wherever it resides. You need to know that it takes effect on May 25, 2018. What do you know so far? The GDPR itself contains 11 chapters and 91 articles. That is a lot to digest on top of all the other pieces of your job you need to stay on top of.
Here are some of the key articles and data protection requirements that GDPR includes:
Articles 23 & 30: Companies must have data protection measures to protect consumers’ personal data and privacy against loss or exposure.
Article 31: Requirements for data breaches, including notifying supervisory authorities (SAs) of a personal data breach within 72 hours of learning of the breach, with the details they require.
Article 45: Requirements for international companies that collect or process EU citizens’ personal data.
Article 79: Penalties for GDPR non-compliance which can be severe, up to 4% of the violating company’s global annual revenue.
Everyone (small business to large enterprise) will need to be aware of all GDPR requirements and be prepared to comply by May 2018. This applies to businesses in the EU as well as all businesses marketing services or goods to EU citizens. You must have an effective data governance strategy.
DO YOU HAVE A HANDLE ON YOUR DATA?
- Do you have a Data Loss Prevention (DLP) solution in place?
- Are you positive that it is securing all your sensitive data?
- Have you tested that it is working and will pass a GDPR audit?
iPRESIDIUM will help you navigate this challenge.
There are a lot of tools out there to help companies comply with GDPR. One of the services iPRESIDIUM offers is penetration testing.
Penetration testing is ethical hacking designed to test your security. In this scenario, one of the goals is to test how well your DLP is set up. That way, if policies are not correct, or you have sensitive data in unexpected places, you have a chance to address it. Using a third-party professional service is the best way to test whether you are GDPR ready.
There are reasons beyond GDPR why you would want to do penetration testing. Other compliance frameworks, such as PCI-DSS and HIPAA, are also asking for it. These requirements keep being updated because they are needed to keep information safe. You don’t know how vulnerable you are until you let an ethical hacker do their thing. Better to have them test what you have than someone unethical. Unethical hackers are out there and they are making a lot of money.
It is a matter of fact: you need to take your security to the next level if you want to protect your reputation and stay in business. It’s not always fun, but it is a reality, and you would benefit from a partner that will walk you through the steps. Your IT team is busy; let us take this on to help.
iPRESIDIUM® has successfully met the security needs of over 50 US Federal agencies, including the intelligence community. Along with our many corporate clients, iPRESIDIUM® has established itself as an industry leader in the information security and services space. Our team of highly skilled and certified technologists brings an average of 20 plus years of industry expertise to iPRESIDIUM®.