General Data Protection Regulation
WHAT IS GDPR?
"The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the 'Charter') and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU)…
The processing of personal data should be designed to serve mankind."
Recitals 1 and 4, GDPR
Basic Digital Record
WHAT ARE COMPANIES REALLY SELLING?
AREAS OF THE GDPR
HOW DATA SECURITY TOOLS CAN BE USED TO BECOME GDPR COMPLIANT
The problem now is how to secure the sensitive data that your organization holds, shares and processes.
We know that data is exposed when it is shared by email, file transfer, online collaboration and similar channels, yet these processes are essential to the functioning of many organizations.
THREE STEPS TO BE GDPR COMPLIANT
Understand your Data
Secure your Data
Report your Data
UNDERSTAND YOUR DATA
GDPR requires that organizations know what personal data they hold and how they process it (Article 30, records of processing activities).
Identify the personal data that you hold so that you can treat it separately from other data, and classify personal data at a higher level of sensitivity.
SECURE YOUR DATA
GDPR names pseudonymisation and encryption as appropriate technical measures for protecting personal data (Article 32(1)(a)).
-Adopt encryption solutions that your end users can actually work with; a solution that is bypassed is no protection.
-Use policies and automatic encryption to massively reduce the risk of a breach, rather than relying on each user to remember to encrypt.
-Ensure that you retain the ability to search, index and correlate protected personal data, since you still have to find it to answer access and erasure requests.
REPORT YOUR DATA
Auditing activity relating to personal data is a critical aspect of GDPR.
-Keep detailed records of the processing conducted on personal data (who processed what, when and why).
-Article 83(2) lists the technical and organisational measures implemented by the controller among the factors considered when setting a fine, so good record keeping and demonstrable controls can reduce or avoid a fine in the case of a data breach.
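The three steps above (classify, protect, record) can be run as one pipeline. The following Python script is an added example written for this page; it is not tooling from the original presentation. It uses keyed pseudonymisation (HMAC-SHA256 tokens, one of the measures Article 32 names alongside encryption) rather than encryption, so that it runs with the standard library alone; equal identities map to equal tokens, which keeps records searchable and correlatable without the clear-text values. The field policy, the demo key and key identifier, and the sample records are all assumptions constructed for the example.

```python
import hmac
import hashlib
import json
import re
from datetime import datetime, timezone

# Demo key only (assumption): in production the key lives in a KMS/HSM and is
# rotated; the key identifier is written to the audit log so every protected
# record can be tied to the key that produced it.
DEMO_KEY = b"demo-key-do-not-use-in-production"
DEMO_KEY_ID = "pii-key-2024-01"

# Step 1 policy (assumption): field names that always hold personal data, plus a
# pattern check so an e-mail address hiding in an unnamed field is still caught.
PERSONAL_FIELDS = {"name", "email", "phone"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample records; these are not real people.
SAMPLE_RECORDS = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.org",
     "phone": "+44 20 7946 0000", "plan": "pro"},
    {"id": 2, "name": "Bob Example", "email": "bob@example.org",
     "phone": "+44 20 7946 0001", "plan": "free"},
    {"id": 3, "name": "Alice Example", "email": "ALICE@example.org",
     "phone": "+44 20 7946 0000", "plan": "pro", "notes": "carol@example.org"},
]


def classify(record):
    """Step 1: return the names of the fields in `record` that hold personal data."""
    found = set()
    for name, value in record.items():
        if name in PERSONAL_FIELDS:
            found.add(name)
        elif isinstance(value, str) and EMAIL_RE.match(value.strip()):
            found.add(name)  # personal data in a field the policy did not name
    return found


def normalise(field, value):
    """Canonicalise a value so the same identity always yields the same token."""
    value = value.strip()
    if field == "email":
        return value.lower()
    if field == "phone":
        return re.sub(r"[^0-9+]", "", value)
    return " ".join(value.lower().split())


def pseudonymise(field, value, key):
    """Step 2: deterministic keyed token (HMAC-SHA256) for one field value.

    The field name is mixed into the message so an e-mail token can never be
    looked up against the phone tokens of the same table.
    """
    msg = f"{field}\x00{normalise(field, value)}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def process_records(records, key=DEMO_KEY, key_id=DEMO_KEY_ID, now=None):
    """Run steps 1-3: classify, pseudonymise, and record the processing.

    Returns (protected_records, audit_log). Non-personal fields are left as-is
    so the protected records stay usable for reporting.
    """
    now = now or datetime.now(timezone.utc).isoformat()
    protected, audit_log = [], []
    for record in records:
        fields = classify(record)
        out = dict(record)
        for field in fields:
            out[field] = pseudonymise(field, record[field], key)
        protected.append(out)
        audit_log.append({            # Step 3: one audit entry per record
            "time": now,
            "action": "pseudonymise",
            "record_id": record.get("id"),
            "fields": sorted(fields),
            "key_id": key_id,
        })
    return protected, audit_log


if __name__ == "__main__":
    protected, log = process_records(SAMPLE_RECORDS)
    print(json.dumps(protected, indent=2))
    print(json.dumps(log, indent=2))
```

Records 1 and 3 describe the same person with differently cased e-mail addresses; after normalisation they receive identical tokens, which is what lets you find every record about one data subject when an access or erasure request arrives, without storing the clear-text identifiers. The audit log is what you would show a supervisory authority as the Article 30 record of this processing step.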
GDPR STARTING POINT FOR I.T.
A personal data inventory records which personal data you hold and where it resides (systems, databases, file shares, backups, third parties).
Implementation of technical and organisational controls (Article 32) is how the requirements are turned into concrete measures such as access control, encryption and logging.
A Data Protection Impact Assessment (Article 35) is how a company assesses the risks of a processing activity before it starts, and is mandatory where the processing is likely to result in a high risk to individuals.
Companies need to be ready to detect a personal data breach and report it within the required time.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay.
The "Right to erasure ('right to be forgotten')"
For more information, read Article 17 of the GDPR.
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
The "Notification of a personal data breach to the supervisory authority"
For more information, read Article 33 of the GDPR.
THANK YOU FOR YOUR ATTENTION