From May 2018, all organizations that collect, store or process data of EU citizens must comply with the GDPR (General Data Protection Regulation). Do you know the GDPR? Recent research by Smart Business and ZDN.net shows that 65.5 percent of those questioned had never heard of the GDPR and 29.3 percent know only the big picture. These are quite shocking figures given that the deadline for GDPR compliance is very near.
The GDPR aims to protect EU citizens' personal integrity, even when they are staying in China. Today, we live in a digital age where data is extremely valuable and has become an integral part of everyday business. However, many vulnerabilities come with this vast collection of personal details. Old data protection legislation is no longer sufficient to protect the consumer's/patient's rights.
The Requirements of GDPR
The GDPR applies to the complete processing of personal data stored on premise or in the cloud, from collection to deletion. It requires organizations to deploy enhanced protection against security intrusions. If a breach occurs, for example, the supervisory authority must be informed within 72 hours through a formal procedure. That is no easy task given that it normally takes about 205 days before hacks are discovered. Moreover, only 31 percent of organizations discover data breaches themselves.
Furthermore, the GDPR requires companies to brief the subjects of such data breaches without undue delay so they can take the necessary precautions. The number of data subjects, the categories and number of personal data records concerned, the contact details of the Data Protection Officer and a description of the consequences of the data breach are examples of what the GDPR's articles specify. This legislation also applies to organizations based outside of the European Union when they offer services to EU citizens.
What if non-compliant?
When businesses are not compliant, they can face fines of up to €20m or 4% of the parent company's annual turnover. "As you see, the associated risks are immense. This is precisely why this is a concern of the entire board and management," says Simen Van der Perre, GDPR Business Developer at SecureLink. "The efforts of the IT department alone are not enough. There has to be a holistic, company-wide approach. IT are typically those who know where the data is and how it is processed, but GDPR compliance is a business-related risk, affecting management, HR, legal, marketing, finance, etc. Therefore, you have to gain insight into all business data: where it resides, who has access and who is responsible for its integrity. Only then can you get a clear map of the business data landscape and its non-compliant areas."
Why SecureLink as your specialized advisor
"It is certainly not our intention to use the GDPR to scare customers into doing or buying things, on the contrary," says Van der Perre. As a specialized security advisor, SecureLink can clearly demonstrate the importance of compliance, and we have the right knowledge to guide you towards a smart and efficient approach. We are not legal advisors; we are security specialists. Our focus is on data protection from a risk-based and technical point of view. Today, we are well educated on the regulation and can advise and guide our customers towards a customized compliance action plan. That plan may include elements that are not part of the SecureLink portfolio but are still relevant to our customers (e.g. appointing a Data Protection Officer). Other items may point directly in our direction. We provide multiple solutions that securely process, store and monitor your data as specified in the GDPR.