GDPR (General Data Protection Regulation)
Security and compliance professionals
By May 2018, new laws will extend personal data rights for all EU citizens.
Your mission – and you should choose to accept it – is to get up to speed and comply with them. The penalties for failure are significant.
GDPR: cracking the code
Pay close attention. The new General Data Protection Regulation (GDPR) will introduce major new laws that apply to all organisations that:
are based in the European Economic Area.
target European Union (EU) markets or consumers.
The laws give many new personal data rights to EU citizens, including the right to withdraw consent, easier access to their data, and the right to know if their data has been compromised by a cyber attack. And that’s just the start.
The cost of a slip-up
Penalties for non-compliance with GDPR will be severe.
For example, if your organisation fails to report a data breach within 72 hours, you can expect a fine.
Fines can reach 4% of your annual turnover or €20 million, whichever is higher.
Assemble your team
It’s time to get busy. You’ll need a roadmap to achieve compliance with GDPR. So line up your agents and focus.
Task 1. Get experts in to help you evaluate your existing processes and policies.
Task 2. Study the GDPR guidelines and how your current structure compares to what is required.
Task 3. Work out the steps needed for you to become compliant.
This isn’t a covert operation. Brief your employees on the important role they play in protecting customer data. There can be no leaks.
EU law, global reach
If this is an EU law, does being outside of the EU mean you can dodge this mission?
In short, no.
It’s not about where you are, it’s about who you are targeting. If you are transporting and collecting data on EU citizens, then GDPR is for you.
Note that ‘personal data’ is used broadly. Bank account details, email addresses, sensitive personal information, IP addresses... Your mission scope is wide.
How to accomplish your mission
The core of this mission is about managing risk and setting up security policies in your business. There are no short cuts.
Among other requirements, you may need to appoint a data protection officer who:
is distinct from a risk officer and most existing IT functions.
sits outside the boardroom.
answers to GDPR, not to roles.
GDPR was introduced to make businesses take the protection of data against rising cybercrime more seriously.
The average time to detect a data breach is currently 100 days. Cisco brings that down to 3.5 hours. Talk to us about how you can detect more of what you can’t see.
Do not compromise yourself. Comply
Remember, by acting now you can set your organisation up to detect and neutralise breaches a whole lot better. Being secure helps you to be compliant with GDPR, but being compliant does not make you secure.
Discover more about how ng experts protects you against attacks