What is the GDPR?
The General Data Protection Regulation (GDPR) requires organizations to protect personal data and the privacy of European Union (EU) citizens on transactions occurring within EU member states. Effective May 25, 2018, this regulation replaces the data protection directive from 1995, and consists of 99 articles, adding responsibilities and in some cases new roles to organizations.
Essentially, data protection becomes a fundamental right, and this regulation not only protects the rights and freedoms of the individuals whose data is processed but also:
- Defines the process/steps data holders must take to protect data
- Stresses enforcement expectations of the GDPR
- Allows for larger fines to be enforced
- Requires disclosures for data security breaches
Personal data, as defined by the GDPR, is any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Who is affected?
Though many businesses think of the GDPR as only applicable to companies located in the EU, it has the potential to affect many organizations due to the requirements for protecting, storing, and processing customers' personal data, regardless of location. And though each organization uses data differently, the outcome of using data and how it is handled will be the same: per the GDPR, if you process data about individuals in the context of selling goods or services to citizens in EU countries, then you will need to comply with the GDPR. GDPR compliance is required if your organization:
- Monitors the behavior of EU data subjects
- Processes personal data of data subjects residing in the EU
- Holds/Stores personal data of data subjects residing in the EU
What are the Penalties?
The fine for organizations in breach of GDPR can vary, as a tiered approach exists, and can be based upon other GDPR regulations not being met. The maximum fine peaks at 4% of annual global turnover or €20 million, with the greater of the two being the penalty.
What you Need to Know
- Deadline for compliance is May 25, 2018
- Any organization that processes or collects EU citizen data is required to comply with GDPR.*
- Penalties can go to up to €20 million, or 4% of global annual turnover for the preceding financial year, whichever is the greater.
- Consent conditions are more powerful, and must be clear and concise.
- If you have not begun to plan for GDPR implementation, you should begin now.
- Data Subjects have increased rights which include but are not limited to:
  - Breach notification within 72 hours
  - Transparency of data
  - Right to be Forgotten (Data Erasure)
  - Data Portability
- Inclusion of data protection in the system design phase
- Data Protection Officers (DPOs)
  - Requirements for DPOs vary, see GDPR for full requirements.
*Previously, the data protection directive did not cover as large a territory; the GDPR now covers the personal data of those who reside in the EU.
How File Integrity Monitoring Helps With GDPR Compliance
FILE INTEGRITY MONITORING: With File Integrity monitoring, you will know when changes are made to systems or files the moment those changes are made. With CimTrak's Trusted File Registry, you'll have the ability to know if changes could be malware, a hack attempt, malicious software, human error, or legitimate OS-related patches/changes. CimTrak gives you the ability to remediate those changes.
CHANGE CONTROL: Managing change is critical, and with GDPR compliance, it won't get any easier. CimTrak provides Complete Change Reporting, Proactive Control Options, Advanced Ticketing Capabilities, and Keeps Your System Secure and Running. Want to Learn More about File Integrity Monitoring? Download our Definitive Guide to File Integrity Monitoring today.
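To make the file integrity monitoring idea above concrete, here is an added example (not CimTrak's code and not from this page) of the basic baseline-and-compare mechanism behind any FIM tool: hash every file under a monitored directory, store the hashes as a baseline, rehash later, and classify each difference as added, removed, modified, or authorized. The "trusted hash" set is a simplified, hypothetical stand-in for the Trusted File Registry concept mentioned above: a modified file whose new hash is on the trusted list is reported as an authorized change (for example a known patch) rather than as an unexplained modification. The directory, file names and contents are constructed in a temporary folder so the script runs offline.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Snapshot every regular file under root: content hash, size and permission bits."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o777,
            }
    return baseline


def compare(baseline, current, trusted_hashes=frozenset()):
    """Diff two snapshots.

    Files whose new hash appears in trusted_hashes (a hypothetical allowlist of
    vendor-published or change-ticket-approved hashes) are reported as
    'authorized' instead of 'modified', so the operator sees only unexplained changes.
    """
    old, new = set(baseline), set(current)
    report = {"added": sorted(new - old), "removed": sorted(old - new),
              "modified": [], "authorized": []}
    for name in sorted(old & new):
        before, after = baseline[name], current[name]
        if before["sha256"] == after["sha256"] and before["mode"] == after["mode"]:
            continue  # unchanged
        if after["sha256"] in trusted_hashes:
            report["authorized"].append(name)
        else:
            report["modified"].append(name)
    return report


def demo():
    """Constructed scenario: take a baseline, then apply four kinds of change."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("db_host=localhost\n")
        (root / "etc" / "users.csv").write_text("alice,alice@example.com\n")
        (root / "etc" / "agent.bin").write_bytes(b"agent v1\n")
        baseline = build_baseline(root)

        # 1. config edited outside change control -> should be flagged as modified
        (root / "etc" / "app.conf").write_text("db_host=203.0.113.5\n")
        # 2. file holding personal data deleted -> removed
        (root / "etc" / "users.csv").unlink()
        # 3. unexpected new file appears -> added
        (root / "etc" / "dump.tmp").write_text("scratch\n")
        # 4. agent upgraded to a version whose hash is on the trusted list -> authorized
        new_agent = b"agent v2\n"
        trusted = {hashlib.sha256(new_agent).hexdigest()}  # constructed "published" hash
        (root / "etc" / "agent.bin").write_bytes(new_agent)

        return compare(baseline, build_baseline(root), trusted)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:10s} {files}")
```

A real deployment would persist the baseline somewhere the monitored host cannot alter it, run the comparison on a schedule or from a filesystem event hook, and feed "modified" and "removed" results into the incident process; the timestamp of the first detection is what lets an organization demonstrate when it became aware of a change for the 72-hour breach-notification clock.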
October 12, 2017