The General Data Protection Regulation (GDPR) is the European Union’s (EU) new data regulation, intended to protect personal data that is collected by entities. It will be enacted on May 25, 2018, and will have major implications for businesses that have connections with Europe. It specifies and unifies data protection regulation across all EU member states. It will replace the Data Protection Directive.
The GDPR covers organizations of all sizes that collect or process personal data in the EU. Any business that fails to comply with the GDPR could face fines as large as €20M (~$22M) or 4% of global annual turnover (revenue) from the prior year.
GDPR automatically applies to any company (U.S. or otherwise) that has established a business presence in the EU and to any company that controls or uses personal data of an individual who is in the EU.
GDPR aims to ensure that personal data is collected legally. Moreover, organizations that obtain personal data are required to protect it from misuse.
How can you comply with GDPR?
The answer is simple: well-educated employees are critical to maintaining a security policy. Therefore, cybersecurity training is the main way to comply with GDPR, and the most important line of protection as well. The GDPR also requires awareness training, and it is the DPO’s responsibility. See Article 39, Section 1(b), below.
GDPR – Article 39
Tasks of the data protection officer
- The data protection officer shall have at least the following tasks:
(a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
(b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
(c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
(d) to cooperate with the supervisory authority;
(e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.
Don’t forget: even if your organisation isn’t located in the EU, if you collect data from any EU resident, your organisation must be aware of its obligations to protect their personal information. Keepnet Labs can help your organisation quickly and effortlessly train employees on the core components of security awareness training programs, as well as strengthen your employees’ awareness of phishing attacks that can lead to data breaches.
According to a study by SANS, 95% of all attacks on enterprise systems are the result of successful spear phishing attacks. Phishing attacks continue to be one of the common tools among cyber-criminals and have devastating consequences, and it is not enough to fight them with technical security measures alone. Therefore, it is important to adopt user awareness programs to enhance users’ anti-phishing capabilities and turn them into valuable, active cybersecurity defence assets.
“This post is originally published at www.keepnetlabs.com”