GDPR & Cybersecurity
What is GDPR compliance?
GDPR stands for General Data Protection Regulation. It was an agreement first proposed to the EU in December 2015 and will be implemented this May. The intent of GDPR is to bring together and update existing data protection regulations within the EU, ensuring they reflect how companies now engage with data and digital developments. Hopefully, this will mean EU citizens have more control and transparency when it comes to their data.
These new regulations apply to all businesses that deal with data of EU citizens, but will impact certain sectors more than others. For example, legal firms deal with large amounts of data, often of a highly sensitive nature, and they will need to implement GDPR to ensure this data is properly protected.
How do you become GDPR compliant?
Different companies will need to adhere to different aspects of GDPR depending on their size and how they deal with client data. However, there are key elements that organisations of all sizes will need to consider:
- Organisations will have to gain consent from clients to use and store their data, as well as be clear on how it is being used
- If a breach occurs, the local data protection authority must be notified within 72 hours of it being discovered
- Clients have the right to request their data be deleted and no longer shared with third parties who, in turn, must delete the data
- Privacy and security must now be built into all products and processes. Data should not be held for any longer than needed and only the minimum amount of information for the purpose required should be collected
What can happen if you aren’t compliant with GDPR?
If a breach is suffered, organisations will have to inform the local data protection authority and owners of breached records. In addition, companies could be fined up to 4% of global turnover or €20 million for extremely severe breaches.
If organisations have properly implemented security measures, this can reduce the consequences if data is breached.
How we can help you
As many of you will already be aware, Internetivo follows ISO 27032 Cybersecurity Guidelines. Being successful in ISO 27032 has placed Internetivo in a strong position as we move towards GDPR which will directly affect every business from 25th May 2018.
At Internetivo, we pride ourselves on taking proactive and positive steps to ensure your data is protected both at rest and in transit. Internetivo protects data by design, through thorough assessment of identified risks and of the controls that address them. In practice, this means that additional controls will be necessary to authenticate the retrieval of your data once we send that data to you. This is not a significant change for Internetivo, but we hope that all clients will understand the need for such security measures, as we do our utmost to protect and secure your data.
Should any data breach or suspected data breach occur, we will inform the client immediately so that preventative measures can be taken and loss and/or exposure minimised. As with every new client, we undertake a full risk assessment and agree terms of data transmission and data retention periods together in partnership.
Internetivo takes data protection and information security seriously. Our reputation for security extends globally and reflects our status as a trusted business.