Breaking down GDPR compliance
to align Security and Privacy programs
At a glance:
As of May 25, 2018, the GDPR accountability principle has taken effect. Organizations are required to demonstrate compliance by having the appropriate measures in place.
Today, organizations work to understand how these requirements fit into their current information security and privacy program and develop a plan to reach and maintain compliance.
Even if your organization does not have a location in the EU, the new regulation will have extraterritorial application as it applies to any entity or data controller — inside or outside the EU — that monitors the behaviour or offers goods or services to EU residents, and therefore processes any of their personal data. Fines for non-compliance with the GDPR can reach 4% of the company’s annual worldwide turnover or €20 million, whichever is higher.
Demonstrate adherence to GDPR’s standards with DefSlate.
DefSlate helps organizations achieve business objectives and compliance through our extensive experience in cyber security strategy, incident response, risk and compliance, security consulting, training and support.
Preparation for GDPR compliance requires technology, processes and people. By first identifying and understanding your gaps, we create a strategic roadmap to enable execution. We then provide a GDPR readiness review to meet GDPR requirements cost effectively, strategically and in line with the organization’s needs.
Key Points to the GDPR
Privacy By Design:
GDPR is built to protect the Personal Data of EU citizens. Any system that processes personal data such as names, email addresses or medical details should build privacy in from the start, and privacy-protective settings should be the default for all users.
Additionally, organizations should only keep the personal data they require. Once the data is no longer needed, it should be erased or anonymized.
Right To Erasure:
GDPR includes a right to erasure. This means that users can request that an organization erase their Personal Data. In addition, consent is required for processing Personal Data, and withdrawing that consent should be as easy for the user as giving it.
Breach Notification Requirements
Along with the requirements for data safety, GDPR also includes breach notification rules. In the event of a Personal Data Breach, it must be reported to the Supervisory Authority of the affected EU member states within 72 hours of the breach’s discovery. Depending on the severity of the breach, organizations may also be required to notify the affected users.
How we help you get compliant with GDPR
Understand your network and the scope of the data you have
Ensure that you understand your infrastructure and the scope of the data your organization stores. Once you understand the scope, monitoring can be put in place to make sure there is no unauthorized access.
Assess the strength of controls and programs
Make sure to test and assess the sufficiency of the critical security measures and programs in place: not only technology, but people and processes, too. Scan for vulnerabilities and weak spots regularly and address any gaps. Not only will this make you compliant in the eyes of the law, it is never a bad idea to keep evolving your security.
Formalize and practice notification processes
In the case of a breach, it is best to take a proactive rather than a reactive approach, and to be prepared for the worst-case scenario ahead of time. Prepare a formalized data breach notification process, exercise it in a few trial runs, and be sure it includes incident detection and response capabilities.
Got a Challenge?
Get in touch
- +370 680 33980; +370 682 43152
- Studentu str. 67, Kaunas, Lithuania
- PGP: A8BE D433 DA69 32ED B070 1938 33C2 63BC 3AF4 65B0
Thank you for your interest in DefSlate cyber security solutions and services. If you would like to find out more, contact us directly, or please take a moment to complete our form and we will get in touch with you promptly.