It is important to note that meeting the security standards is not just about technology solutions; it is also about the people within your company and the processes that everyone needs to be aligned to. This involves training and plenty of communication to ensure your employees are aware of their responsibilities.
Before we get started, let’s establish exactly what the EU General Data Protection Regulation is and why you should bother to pay it any attention at all.
The GDPR was approved and adopted by the EU Parliament in April 2016 and the UK government has confirmed that the regulation will take effect regardless of Brexit. This is the most significant privacy regulation update in the past 20 years, period. With the increasing number of organisations operating across borders on an international level, it is crucial to have consistent laws and regulations around data protection in place. Therefore, the regulation doesn’t apply only to organisations located within the EU but to any company that handles, stores or processes personal data and information on EU citizens.
The consequences of GDPR non-compliance will be much more severe than the penalties introduced by the Data Protection Act (DPA). The maximum fine that can be imposed for very serious infringements is up to 4% of annual global turnover or 20 million Euro, whichever is greater. The new law also requires that notifiable breaches be reported to the relevant authorities within 72 hours of the company becoming aware of them. Failing to report a breach within this time frame can result in a significant fine of up to 2% of global annual turnover (or 10 million Euro).
Besides encrypting personal data, the regulation requires restricting access to personal data. Your system is only as safe as its weakest link, and we know that privileged users are the most common culprits for misuse in any organisation. No matter how well you try to protect your organisation, a breach is extremely likely to happen at some point; therefore the key is to understand how to detect breaches in real time and prevent them from happening.
Dedicated solutions for managing privileged users and sensitive information ensure the strongest level of security for those who have the highest level of data access and editing powers. Therefore, controllers and processors should have some level of user authorisation and a monitoring process in place. Companies will need to protect personal data in the same way that they protect critical infrastructure assets, which requires that users with access to personal data be monitored.