What is GDPR?
The EU General Data Protection Regulation is a regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union.
GDPR Summary: The new GDPR is an evolution of the EU’s existing data rules, the Data Protection Directive. It addresses many of the shortcomings in the DPD, adding requirements for documenting IT procedures, performing risk assessments under certain conditions, notifying the consumer and authorities when there is a breach, as well as strengthening rules for data minimisation.
THESE NEW REGULATIONS COME INTO EFFECT ON THE 25TH OF MAY 2018.
WHAT HAPPENS IF I DON'T COMPLY WITH THE EU GDPR?
The GDPR has a tiered penalty structure that will take a large sum of money from the offender's funds, and the EU GDPR rules apply to both data controllers and processors (that is, ‘the cloud’). Huge cloud providers are therefore NOT off the hook when it comes to GDPR enforcement.
NON-COMPLIANCE RESULTS IN FINES OF UP TO 4% OF GLOBAL REVENUE.
HOW CAN WE HELP?
Below is a sample of how Asystec and Varonis can help your organisation address the new General Data Protection Rules:
- GDPR requires organisations to respond to subject access requests and delete personal data on request. Article 15 states the ‘right of access by the data subject’. Varonis DatAnswers allows you to index information, search information, and find the right information.
- Article 33 of GDPR requires all companies to be able to report a data breach in 72 hours. Varonis’ User Behaviour Analytics and DatAlert suite detects abnormal data breach activity and policy violations, and alerts in real time as it happens.
- Article 35 of GDPR requires all organisations to conduct regular data protection impact/risk assessments. Varonis DatAdvantage and Data Classification Framework allow you to conduct regular quantified data risk assessments.
- GDPR requires organisations to respond to subject access requests and delete personal data on request. Article 17 states the subject's right to erasure and to be ‘forgotten’. Varonis DatAnswers and Data Transport Engine allow you to find it, flag it, and remove it!
- GDPR requires privacy by design and accountability by design for personal data. This means there must be data owners in the business and policies for least-privilege access to personal data. Article 30 states you must keep records of processing activities. Varonis DatAdvantage and Data Classification Framework allow you to create an asset register of sensitive files, understand who has access, know who is accessing it, and know when data can and should be deleted.