General Data Protection Regulation ( GDPR) is the European Union’s (EU) new data regulation to provide personal data protection that is collected by entities. It will be enacted on May 25, 2018, and will have major implications for businesses that have connections with Europe. It specifies and unifies data protection regulation across all EU member states. It will replace the Data Protection Directive.
The GDPR includes in all organizations of all sizes that collect or process personal data in the EU. Any business fails to comply with the GDPR could face fines as large as €20M (~$22M) or 4% of global annual turnover (revenue) from the prior year.
GDPR automatically applies to any company (the U.S. or otherwise) that has established a business presence in the EU and to any company that controls or uses personal data of an individual who is in the EU.
GDPR aims to ensure that personal data is collected legally. Moreover, organizations that obtain personal data are required to secure it from different misuses
How can you comply with GDPR?
The answer is a simple that a well-educated employee is critical to maintaining a security policy. Therefore, cybersecurity training is the main way to comply with GDPR, being the most important line of protection as well. Also, the GDPR requires awareness training, and it’s the DPO’s responsibility. See article 39 section 1b below.
GDPR – Article 39
Tasks of the data protection officer
- The data protection officer shall have at least the following tasks:
| (a) |
to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions; |
| (b) |
to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits; |
| (c) |
to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35; |
| (d) to cooperate with the supervisory authority; |
| (e) |
to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter. |
Don’t forget, even if your organisation isn’t located in the EU, if you collect data from any EU resident, your organisation must be aware of the obligations to protect their personal information. Keepnet Labs can help your organisation quickly and effortlessly train employees on core components of security awareness training programs as well as strengthening your employees’ awareness of phishing attacks that can lead to data breaches.
According to a study by SANS, 95% of all attacks on enterprise systems are the result of successful spear phishing attacks. Phishing attacks continuing to be one of the common tools among cyber-criminals and has devastating consequences, and it not enough to fight with it with technical security measures alone. Therefore it is important to adopt user awareness programs to enhance users’ anti-phishing capabilities and turn them into valuable active cybersecurity defence assets.
“This post is originally published at www.keepnetlabs.com”
Teknoloji Haberleri