
Why GDPR is useful for you

The EU General Data Protection Regulation (GDPR) will come into force on 25th May 2018.

23.05.2018

This regulation, which applies to 28 EU countries, will replace the Framework Directive on personal data protection No. 95/46/EC of October 24, 1995. Companies targeting the European or international market should pay particular attention to the new European rules for processing personal data. The regulation applies to companies located anywhere if they store the data of European citizens and offer them goods or services or track their behavior online. This approach is not new. For example, Canada already practiced it in its anti-spam law, CASL. However, the GDPR increases the scale and consequences of applying such a mechanism.

What is personal according to GDPR?

Personal data is any information that relates to an identified or identifiable individual.

This can include:

  • name
  • address and phone number 
  • location 
  • health records 
  • income and banking information 
  • cultural preferences 
  • … and more.

The GDPR is also technology neutral, meaning it protects personal data regardless of the technology used or how the personal data is stored. Regardless of whether your business processes and stores personal data using a complex IT system or via paper-based files, you will be governed by the GDPR.

What changes will GDPR require?

The principles of privacy by default and privacy by design, enshrined in the GDPR, require protective mechanisms to be built into software during the development process. Limited access to personal data should be the default in every service option, rather than an additional setting that the user can turn on at their discretion. Some provisions of the GDPR concern the anonymization of certain types of data, and if for security reasons certain types of data should be stored separately, they must be stored in different places.

The policy that the user reads when agreeing to the processing of data must be written in a clear and easily understood form, without 20-page walls of text in dry, hard-to-follow official language.

The consent that the user gives must be expressed through an active action. In practice, this can come down to a seemingly trivial detail: the checkbox next to the phrase "I agree with the processing of data and got acquainted with the resource rules" must not be pre-ticked.

The company will need to establish the position of Data Protection Officer (DPO) - an employee who will be responsible for lawful data processing and data security. Data Breach Notification - a notice of hacking must be sent to the competent authority immediately, but not later than 72 hours, as well as to the user whose rights this may affect.

And yet, does the GDPR really have a positive effect? Let's try to work through this question together.

How does the GDPR help reduce costs?

The GDPR takes into consideration the needs of businesses. For example, the regulation aims to remove administrative requirements in order to reduce costs and minimise the administrative burden:

  • No more prior notifications: the reform scraps most prior notifications to supervisory authorities, along with their associated costs.
  • Data Protection Officers: companies mainly need to appoint a DPO if their core activities involve processing sensitive data on a large scale or involve the large-scale, regular and systematic monitoring of individuals. Public administrations have an obligation to appoint a DPO. 
  • Data Protection Impact Assessments: companies are only obliged to carry out a Data Protection Impact Assessment if a proposed data processing activity involves a high risk to the rights and freedoms of individuals. 
  • Record keeping: companies with fewer than 250 employees are not required to keep records unless the data processing is not incidental or involves sensitive information.

More accurate data

Thanks to the GDPR, the information stored in a company's database will be more accurate. Customers will be able not only to access their personal data, but also to check the stored files. All incoming data will be systematically verified and amended, which will raise the accuracy of the stored data to a new level. After the introduction of the GDPR, one of the main advantages for business will be improved records of consumers' data. Ultimately, this will help establish a trusting relationship between companies and their customers. As for economic benefits, the new legislation will help businesses better protect themselves and rethink the value of consumer data.

What do you need to do now?

The first step for an organization is to develop a concept and strategy for implementing a GDPR compliance program, based on a mature assessment of the economic goals achievable with the use of personal data, its risk position and all existing obligations.

Then, organizations should start working on four key areas:

  1. a call to action: involving senior-level stakeholders from various fields in the implementation of the GDPR compliance program;
  2. assessing the gap between existing technological resources and the functional requirements of the GDPR;
  3. prioritizing and sequencing the implementation of changes through cost-benefit analysis;
  4. developing and mobilizing a program for introducing changes to comply with the requirements of the GDPR.

Personal data is, of course, the "currency" of the modern economy. And if you collect user data in any form, you must carefully monitor its security in order to avoid leaks and possible manipulation by third parties. More detailed information on the GDPR is available in the recording of the webinar from Accellion.


headtechnology UA

Levanevskogo Str., 6, office 79

03058 Kiev, Ukraine

tel.: +38 044 353 30 20

fax: +38 044 457 85 41

mail: info@headtechnology.com.ua
