If you are in the IT business and you have not yet
heard of General Data Protection Regulations
(GDPR), you might need to read this ASAP. If you
have heard of it but are not sure what it is all about,
this is a good time to get educated. A Gartner study
predicts that more than 50% of companies covered
by GDPR will not be in full compliance by the end
of 2018. Another study by SAS reports that only
45% of companies surveyed have a structure in
place and 58% admit that they are not aware of
the consequences for non-compliance.
Like most government regulations, GDPR is long and
complex. GDPR bestows new and specific rights to
data subjects and requires new controls be put in place
by data controllers and processors. Specifically, here
is how the regulation defines personal data. “Personal
data is any information that can identify an individual
person. This includes a name, an ID number, location
data, (for example, location data collected by a
mobile phone) or a postal address, online browsing
history, images or anything relating to the physical,
physiological, genetic, mental, economic, cultural or
social identity of a person.” Note that this definition
is quite broad and will require significant changes in
IT process and organization. As with many laws and
regulations, ignorance is no excuse. Further, GDPR
consequences for non-compliance are significant.
Therefore, it is recommended to spend some time
understanding this regulation, officially called
“Regulation (EU) 2016/679.” In the meantime, here
are a few key points.
GDPR was passed by the European Commission, The
Council of the European Union and the European
Parliament. It is broad in its scope and reach across
the EU and consequences for non-compliance can be
severe. Although the GDPR was passed in April of
2016, it does not take effect until May 25, 2018. In
the meantime, let's take a quick look at the purpose,
scope and consequences for non-compliance.
GDPR is a regulation intended to strengthen and unify
data protection for all individuals within the European
Union (EU). It also addresses the export of personal
data outside the EU. The primary objective of the
regulation is to give residents control of their personal
data and to simplify the regulatory environment for
international business by unifying the regulation within
the EU.
In general, regulatory compliance can be
cumbersome and costly. The GDPR, however, unifies
data protection regulations across the EU making
it easier for international companies to understand
and comply with one rather than many conflicting
regulations. GDPR consolidates the cyber security
and privacy regulatory environment and standardizes
penalties for non-compliance. Sanctions for breach
can range from a warning for first offense or non-
intended non-compliance to fines up to 10,000,000
euro.
The most significant change GDPR adds to previous
regulations is the accountability principle.
Organizations will be required to show how they
comply with the principles by documenting the
decisions taken about each processing activity.
Counting Down to GDPR in the EU
www.networkcritical.com
Who Needs to Comply?
Organizations that collect data from EU residents
(controllers) and organizations that process data on
behalf of controllers (processors) such as cloud service
providers and similar contractors are governed by
this regulation. Even organizations based outside the
EU that collect personal data from EU citizens are
held accountable for GDPR compliance. It does not
matter if your organization is small or global. If your
business is deemed a “controller” or a “processor”
you must comply with GDPR. The UK confirmed that
the decision to leave the European Union will not
affect the requirements to implement GDPR.
Key Points
Here are some thoughts consolidated from various
sources to keep in mind while you prepare for GDPR
compliance:
◆◆ Who is Responsible for GDPR Compliance - As
stated above, all companies processing or controlling
personal data that have customers in the EU need to
comply. Even companies in the UK post-Brexit who
have customers in the EU will be governed by GDPR.
◆◆ Data subjects' rights - Data subjects are customers
who provide personal data to a company. Data
subjects have expanded privacy rights including the
right of erasure, the right to access their data, and the
right to question decisions made purely on an algorithmic basis.
◆◆ Internal record keeping requirements - There are
specific record keeping requirements that may include
the appointment of a Data Protection Officer in order
to manage compliance, audits and record keeping.
These regulations are broad and penalties are severe.
Cross functional requirements will likely require a
specialist who will manage compliance throughout
the organization.
◆◆ Cross Border Data Processing - When utilizing data
processors outside of the EU, companies need to be
sure that GDPR regulations are followed.
◆◆ Training - There will be new rights bestowed upon
data subjects. Staff must be trained to understand
and comply with these rights when requested.
◆◆ Pseudonymisation - This is a GDPR requirement to help
keep data subjects' information safe. While subjects'
data is under the control of a processor or a controller
it shall be pseudonymised. This is another word for
encryption or other methods of disguising data so that it
cannot be attributed to a specific data subject without
a key. Further, the key must be kept separately from the
pseudonymised data. Essentially, don't encrypt data and
then keep the key with the encrypted data. This idea
sounds simple, but it is surprising how often hackers
find the keys to the safe sitting on top of the safe.
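One way to put the key-separation rule in the bullet above into practice, as an added example that is not from this paper or from Network Critical: direct identifiers are replaced by pseudonyms computed with a keyed HMAC, the key lives in a `KeyStore` object that the `DataStore` never references, and the data store refuses to accept a plaintext identifier. The record layout, the field names, the in-memory stores and the sample records are all assumptions made for the illustration (the records are constructed, not real people).

```python
"""Pseudonymisation with the key held apart from the pseudonymised data.

Added example, not code from the paper. A keyed HMAC stands in for the
"encryption or other methods of disguising data" the text describes:
with the key a controller can re-link a known subject to their rows
(needed for access and erasure requests), while the rows alone cannot
be attributed to anyone.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, List, Optional

# Constructed sample records for the example; not real people.
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"name": "Alice Example", "email": "alice@example.org", "country": "FR", "plan": "pro"},
    {"name": "Bob Example", "email": "bob@example.org", "country": "DE", "plan": "free"},
]

# Fields that identify a person directly and must never be stored in clear.
DIRECT_IDENTIFIERS = ("name", "email")


class KeyStore:
    """Holds the pseudonymisation key. In production this would be an HSM
    or a secrets manager reachable only by the re-identification service;
    here it is an in-memory object that DataStore has no reference to."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key if key is not None else secrets.token_bytes(32)

    def pseudonym(self, value: str) -> str:
        # Keyed HMAC-SHA256. Unlike an unkeyed hash, nobody holding only the
        # data store can recompute the pseudonym of a guessed name or e-mail.
        normalised = value.strip().lower().encode("utf-8")
        return hmac.new(self._key, normalised, hashlib.sha256).hexdigest()


def is_pseudonym(value: str) -> bool:
    """True for a 64-character lowercase hex digest, the only form we store."""
    return len(value) == 64 and all(c in "0123456789abcdef" for c in value)


class DataStore:
    """Holds pseudonymised rows only and carries no key material at all."""

    def __init__(self) -> None:
        self.rows: List[Dict[str, str]] = []

    def add(self, row: Dict[str, str]) -> None:
        for field in DIRECT_IDENTIFIERS:
            if field in row and not is_pseudonym(row[field]):
                raise ValueError(f"refusing to store a plaintext identifier in field {field!r}")
        self.rows.append(dict(row))


def pseudonymise(record: Dict[str, str], keys: KeyStore) -> Dict[str, str]:
    """Replace each direct identifier with its keyed pseudonym; other fields stay."""
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if field in out:
            out[field] = keys.pseudonym(out[field])
    return out


def load(records: Iterable[Dict[str, str]], keys: KeyStore, store: DataStore) -> None:
    for record in records:
        store.add(pseudonymise(record, keys))


def find_rows_for_subject(email: str, keys: KeyStore, store: DataStore) -> List[Dict[str, str]]:
    """Re-linking for a subject access request: recompute the pseudonym with
    the key and match it. The wrong key simply matches nothing."""
    token = keys.pseudonym(email)
    return [row for row in store.rows if row.get("email") == token]


def erase_subject(email: str, keys: KeyStore, store: DataStore) -> int:
    """Right to erasure: drop every row belonging to the subject; returns the count."""
    token = keys.pseudonym(email)
    before = len(store.rows)
    store.rows = [row for row in store.rows if row.get("email") != token]
    return before - len(store.rows)


def store_contains_plaintext(store: DataStore, records: Iterable[Dict[str, str]]) -> bool:
    """Control check: does any source identifier survive in the store in clear?"""
    plaintext = {r[f].strip().lower() for r in records for f in DIRECT_IDENTIFIERS if f in r}
    return any(isinstance(v, str) and v.strip().lower() in plaintext
               for row in store.rows for v in row.values())


if __name__ == "__main__":
    keys, store = KeyStore(), DataStore()
    load(SAMPLE_RECORDS, keys, store)
    print("rows for alice with the key:", find_rows_for_subject("alice@example.org", keys, store))
    print("rows for alice with another key:", find_rows_for_subject("alice@example.org", KeyStore(), store))
    print("plaintext identifier leaked into store:", store_contains_plaintext(store, SAMPLE_RECORDS))
```

The design point is the keyed function rather than a bare hash: an unkeyed SHA-256 of an e-mail address is trivially recomputed from a list of candidate addresses, so a stolen table of such hashes is not pseudonymised in any meaningful sense. With the key in a separate store, the `store_contains_plaintext` check and the `DataStore.add` guard give an auditor two concrete controls to point at.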
Rights of Data Subjects
In addition to the data protection requirements, GDPR
includes individual protections like a data subject bill
of rights. GDPR sets out specific rights with which
processors and controllers must comply. These data
subject individual rights include:
◆◆ The right to be informed about what is being done
with data,
◆◆ The right of access,
◆◆ The right to rectification,
◆◆ The right to erasure,
◆◆ The right to restrict processing,
◆◆ The right to data portability,
◆◆ The right to object,
◆◆ Other rights related to automated decision making
and profiling.
As you can see from this list, data subjects have new
power over their personal data held by processors
and controllers. For years, organizations had little
direct responsibility to the data subject regarding their
personal information. Therefore, the controls on access
to and management of that data have typically been lax.
It will now be important for these organizations to
establish processes that keep records current and
delete or archive information that is not active.
W03-1217-01
2017 Network Critical Solutions Ltd. All rights reserved
Many organizations keep all customer/subject data
in the files for use with outbound marketing, sales and
other customer outreach functions. Often, there are
few restrictions within the organization regarding who
has access to that information and how it is used.
That will change under GDPR. It will be prudent
to set specific policies regarding how long data
subject data should be in active files and whether
or when it should be deleted or archived. The type
and frequency of outreach to the data subject for
permission to update and maintain their information
should also be considered.
Access to stored information is a process that will
likely change in many organizations. Historically,
customer data has been readily available to anyone in
the organization with a computer. With increased
scrutiny on protection of customer information, it may
be a good idea to develop strict data access policies
throughout the organization. A good example is
the Equifax breach in the United States where 450
million customer records were stolen. The damage
here could have been greatly reduced if access to
that information were segmented and layered. Even
if one access level were breached, other levels may
have still been protected. No one in any organization
has a need for permanent permission to access all the
data all the time.
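An added example (not from the paper or from Network Critical) of the segmented, layered access the paragraph above argues for: each role sees only the fields its job needs, no role sees every field, every grant is time-boxed and capped, and every read decision, allowed or denied, is written to an audit trail. The roles, field sets, time limit and sample records are assumptions made for the illustration (the records are constructed, not real people).

```python
"""Field-level, time-boxed access to customer records.

Added example, not code from the paper. The point it demonstrates: a
single compromised account exposes only its own slice of the data, and
nothing is granted permanently, so a breach of one access level leaves
the other levels intact.
"""
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Set

# Constructed sample records; not real people.
RECORDS: List[dict] = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.org", "country": "FR",
     "card_last4": "4242", "support_notes": "asked about invoice"},
    {"id": 2, "name": "Bob Example", "email": "bob@example.org", "country": "DE",
     "card_last4": "1111", "support_notes": "password reset"},
]

# Assumed role-to-field mapping. Each role gets only what its task needs;
# note that no single role covers every field of a record.
ROLE_FIELDS: Dict[str, Set[str]] = {
    "marketing": {"id", "country"},
    "support": {"id", "name", "email", "support_notes"},
    "billing": {"id", "name", "card_last4"},
}

# Assumed upper bound on any grant; there is no "permanent" option.
MAX_GRANT = timedelta(hours=8)


class AccessPolicy:
    """Evaluates reads against time-boxed role grants and records every
    decision so that unusual access patterns can be reviewed later."""

    def __init__(self, now_fn: Callable[[], datetime] = lambda: datetime.now(timezone.utc)) -> None:
        self._now = now_fn            # injectable clock, so expiry is testable
        self._grants: Dict[str, List[dict]] = {}
        self.audit: List[dict] = []

    def grant(self, user: str, role: str, ttl: timedelta) -> None:
        """Give a user a role for a bounded time; over-long grants are refused."""
        if role not in ROLE_FIELDS:
            raise ValueError(f"unknown role {role!r}")
        if ttl <= timedelta(0) or ttl > MAX_GRANT:
            raise ValueError(f"grant duration must be positive and at most {MAX_GRANT}")
        self._grants.setdefault(user, []).append({"role": role, "expires_at": self._now() + ttl})

    def permitted_fields(self, user: str) -> Set[str]:
        """Union of the fields of the user's grants that have not yet expired."""
        now = self._now()
        fields: Set[str] = set()
        for grant in self._grants.get(user, []):
            if grant["expires_at"] > now:
                fields |= ROLE_FIELDS[grant["role"]]
        return fields

    def read(self, user: str, record_id: int) -> dict:
        """Return only the permitted fields of one record, logging the decision."""
        fields = self.permitted_fields(user)
        record = next((r for r in RECORDS if r["id"] == record_id), None)
        allowed = record is not None and bool(fields - {"id"})
        self.audit.append({"at": self._now().isoformat(), "user": user,
                           "record": record_id, "fields": sorted(fields), "allowed": allowed})
        if not allowed:
            raise PermissionError(f"{user} has no active grant covering record {record_id}")
        return {k: v for k, v in record.items() if k in fields}


if __name__ == "__main__":
    policy = AccessPolicy()
    policy.grant("sam", "support", timedelta(hours=2))
    print("support view of record 1:", policy.read("sam", 1))
    try:
        policy.grant("sam", "billing", timedelta(days=30))
    except ValueError as exc:
        print("refused:", exc)
    print("audit trail:", policy.audit)
```

The audit list is what a security operations team would forward to a SIEM: a denied read, or a user whose grants suddenly span several roles, is exactly the signal the paragraph above says most organizations never had.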
Determine Lawful Basis
Under GDPR, organizations will be required to
determine and document a lawful basis for processing
personal information. The lawfulness of processing
conditions include:
◆◆ Consent of the data subject
◆◆ Processing is necessary for the performance of a contract with the subject
◆◆ Processing is necessary to be in compliance with a legal obligation
◆◆ Processing is necessary to protect the vital interests of a data subject or another person
◆◆ Processing is necessary in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
◆◆ Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
There are other special categories of data which have
their own special conditions such as employment
related data, data of persons incapable of providing
consent, not-for-profit organizations and others. It is
recommended that all sections of these categories be
reviewed.
Breach Reporting
Reporting a breach will become a requirement under
GDPR. There will be requirements for organizations
to report a breach to the supervisory authority. In
addition, depending on the type of breach and
the information that was taken, notification of the
individuals affected may also be necessary. The
notification will require more information than a
simple statement such as, “ABC organization has
experienced a data breach.” The notification will
need to include the nature of the breach, the categories
and number of individual records lost, the name and
contact information of the Data Protection Officer, a
description of the consequences to the individuals and
detail of the measures to be taken by the organization
to mitigate any potential damage to the individuals.
As noted above, penalties for not reporting a breach
within 72 hours of the organization becoming aware
of it can be quite severe.
Data Protection Officer
It is apparent that a new IT specialty will soon be in high
demand: Data Protection Officer. This position will
require data networking and IT skills as well as the ability
to understand complex legal requirements, develop
GDPR compliant data protection, documentation
and reporting policy, work across functional areas
and develop training requirements for IT and non-IT
employees within organizations. This should be a
high level function with the authority to set and enforce
internal consequences for policy breaches. As we
have seen, the accountability principles of GDPR put
a heavy burden on organizations that do not comply
with the regulations. The Data Protection Officer will
be a critical internal GDPR advocate, compliance
officer and enforcer to protect the organization from
the liability of non-compliance.
Time is of the Essence
You may be thinking that there is plenty of time to
get ready for GDPR. Hopefully, after reading this paper,
you are now motivated to learn more about GDPR.
As you prepare or adjust your 2018 budget, be
sure to include a high level position of Data Protection
Officer. You will also want to include funds for
increased documentation requirements and new
employee training on GDPR compliance throughout
your organization.
Protection Technology
Of course there are many other requirements for GDPR
compliance such as Privacy by Design and Default,
Data Portability and more. Certain appliances such
as Data Loss Protection and Intrusion Prevention
Systems, may assist in protection from what can
be very expensive breaches and sanctions for non-
compliance. These appliances can be simply and
safely attached to data links by using TAPs and
packet brokers without risking network performance
or availability. So, while you are preparing for
GDPR compliance, be sure your perimeter protection
is also up to date with appropriate traffic visibility and
link security. For more information on visibility and
perimeter protection go to www.networkcritical.com.
Deploying cyber security technology, diligent
employee training on email use and data access,
as well as a well-defined network security policy with
consequences will help keep data secure. The best
way to deal with a breach is to not have a breach.

 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

The Countdown to the GDPR Regulations

GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU). It also governs the export of personal data outside the EU. Its primary objectives are to give residents control over their personal data and to simplify the regulatory environment for international business by replacing the member states' differing national rules with a single regulation. Regulatory compliance is in general cumbersome and costly; GDPR at least makes it easier for international companies to understand and comply with one regulation rather than many conflicting ones. GDPR consolidates the cyber security and privacy regulatory environment and standardizes penalties for non-compliance. Sanctions range from a warning for a first or unintended infringement up to administrative fines of 10,000,000 euro or 2% of worldwide annual turnover for the lower tier of infringements, and 20,000,000 euro or 4% of worldwide annual turnover for the upper tier, whichever amount is higher (Article 83). The most significant change that GDPR adds to previous regulation is the accountability principle: organizations must be able to show how they comply with the data protection principles by documenting the decisions taken about each processing activity.

Counting Down to GDPR in the EU www.networkcritical.com
Who Needs to Comply?

Organizations that collect data from EU residents (controllers) and organizations that process data on behalf of controllers (processors), such as cloud service providers and similar contractors, are governed by this regulation. Organizations based outside the EU that offer goods or services to people in the EU, or monitor their behaviour, are also in scope (Article 3); the test is where the data subjects are, not their citizenship. It does not matter whether your organization is small or global: if it is a "controller" or a "processor" of such data, it must comply with GDPR. The UK has confirmed that the decision to leave the European Union will not affect the requirement to implement GDPR.

Key Points

Here are some thoughts consolidated from various sources to keep in mind while you prepare for GDPR compliance:

◆ Who is responsible for GDPR compliance - As stated above, all companies processing or controlling personal data of people in the EU need to comply. Companies in the UK post-Brexit that have customers in the EU will still be governed by GDPR.

◆ Data subjects' rights - A data subject is any identified or identifiable natural person whose personal data an organization holds: customers, but also prospects, employees and website visitors. Data subjects have expanded privacy rights, including the right to erasure, the right to access their data, and the right not to be subject to decisions made solely on an automated basis.

◆ Internal record keeping requirements - Controllers and processors must keep records of their processing activities (Article 30), and some must appoint a Data Protection Officer to manage compliance, audits and record keeping (Article 37 requires one for public authorities and for organizations whose core activities involve large-scale monitoring of individuals or large-scale processing of special categories of data). These regulations are broad and penalties are severe; the cross-functional requirements will usually justify a specialist who manages compliance throughout the organization.

◆ Cross border data processing - When using data processors outside of the EU, companies need to be sure that the transfer is lawful under the GDPR rules on international transfers (Chapter V) and that the processor follows the regulation.

◆ Training - New rights are bestowed upon data subjects. Staff must be trained to recognise and honour these rights when they are exercised.

◆ Pseudonymisation - GDPR defines pseudonymisation as processing personal data so that it can no longer be attributed to a specific data subject without additional information, with that additional information kept separately and protected by technical and organizational measures (Article 4(5)). It is not a blanket requirement but a measure the regulation repeatedly names as appropriate, for example under data protection by design and by default (Article 25) and security of processing (Article 32). Encryption is one way to achieve it; tokenization and keyed hashing are others. Whatever the method, the key or lookup table that reverses the pseudonym must be held separately from the pseudonymized data, under its own access control: do not encrypt the data and then keep the key beside it. The idea sounds simple, but it is surprising how often attackers find the key to the safe sitting on top of the safe.

Rights of Data Subjects

In addition to the data protection requirements, GDPR includes individual protections that amount to a data subject bill of rights. GDPR sets out specific rights with which processors and controllers must comply. These data subject rights include:

◆ The right to be informed about what is being done with their data,
◆ The right of access,
◆ The right to rectification,
◆ The right to erasure,
◆ The right to restrict processing,
◆ The right to data portability,
◆ The right to object,
◆ Rights related to automated decision making and profiling.

As you can see from this list, data subjects gain real power over their personal data held by processors and controllers. For years, organizations had little direct responsibility to the data subject regarding their personal information, and the controls on access to and management of that data have typically been lax. It will now be important for these organizations to establish processes that keep records current and delete or archive information that is no longer needed for the purpose it was collected for. Many organizations keep all customer/subject data on file indefinitely for use in outbound marketing, sales and other customer outreach, and often there are few restrictions within the organization on who has access to that information and how it is used. That will change under GDPR. It will be prudent to set specific policies on how long data subject data stays in active files and whether, and when, it is deleted or archived. The type and frequency of outreach to the data subject for permission to update and maintain their information should also be considered.

Access to stored information is a process that will likely change in many organizations. Historically, customer data has been readily available to anyone in the organization with a computer. With increased scrutiny on the protection of customer information, it is a good idea to develop strict data access policies throughout the organization. A cautionary example is the 2017 Equifax breach in the United States, in which the records of roughly 147 million people were exposed. The damage could have been greatly reduced if access to that information had been segmented and layered: even if one access level were breached, the others might still have held. No one in any organization needs permanent permission to access all the data all the time.

Determine Lawful Basis

Under GDPR, organizations are required to determine and document a lawful basis for each processing of personal data (Article 6). The lawfulness of processing conditions are:

◆ Consent of the data subject,
◆ Processing is necessary for the performance of a contract with the subject,
◆ Processing is necessary for compliance with a legal obligation,
◆ Processing is necessary to protect the vital interests of the data subject or another person,
◆ Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller,
◆ Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

Special categories of personal data (Article 9: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric and health data, and data on sex life or sexual orientation) may not be processed unless one of a separate, stricter list of conditions applies, for example processing required under employment law, protecting the vital interests of a person physically incapable of giving consent, or processing by a not-for-profit body about its own members. It is recommended that all of these conditions be reviewed.

Breach Reporting

Reporting a breach becomes a requirement under GDPR. A personal data breach must be reported to the supervisory authority without undue delay and, where feasible, within 72 hours of the organization becoming aware of it, unless the breach is unlikely to result in a risk to individuals (Article 33). Where the breach is likely to result in a high risk to individuals, the individuals affected must be notified as well (Article 34). The notification must contain more than a simple statement such as "ABC organization has experienced a data breach": it must describe the nature of the breach, the categories and approximate number of data subjects and records concerned, the name and contact details of the Data Protection Officer or other contact point, the likely consequences for the individuals, and the measures taken or proposed by the organization to mitigate any potential damage to them. Processors, for their part, must notify their controller without undue delay after becoming aware of a breach.

Counting Down to GDPR in the EU W03-1217-01 2017 Network Critical Solutions Ltd. All rights reserved
As noted above, the penalties for failing to report a breach within 72 hours of becoming aware of it can be severe.

Data Protection Officer

It is apparent that a new IT specialty will soon be in high demand: the Data Protection Officer. This position requires data networking and IT skills as well as the ability to understand complex legal requirements, develop GDPR-compliant data protection, documentation and reporting policy, work across functional areas, and develop training requirements for IT and non-IT employees within the organization. It should be a senior function with the authority to set and enforce internal consequences for policy breaches. As we have seen, the accountability principle of GDPR puts a heavy burden on organizations that do not comply with the regulation. The Data Protection Officer will be a critical internal GDPR advocate, compliance officer and enforcer, protecting the organization from the liability of non-compliance.

Time is of the Essence

You may be thinking that there is plenty of time to get ready for GDPR. Hopefully, after reading this paper, you are now motivated to learn more about it. As you prepare or adjust your 2018 budget, be sure to include a senior Data Protection Officer position. You will also want to include funds for the increased documentation requirements and for employee training on GDPR compliance throughout your organization.

Protection Technology

Of course there are many other requirements for GDPR compliance, such as privacy by design and by default, data portability and more. Certain appliances, such as Data Loss Prevention (DLP) and Intrusion Prevention Systems (IPS), can help protect against what can be very expensive breaches and sanctions for non-compliance. These appliances can be simply and safely attached to data links using TAPs and packet brokers without risking network performance or availability. So, while you are preparing for GDPR compliance, be sure your perimeter protection is also up to date, with appropriate traffic visibility and link security. For more information on visibility and perimeter protection go to www.networkcritical.com.

Deploying cyber security technology, diligent employee training on email use and data access, and a well defined network security policy with consequences will all help keep data secure. The best way to deal with a breach is to not have a breach.
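Returning to two points made above, pseudonymisation with the key held apart from the data, and segmented access so that no one role can read everything: the following is an added example, not code from the Network Critical paper. It assumes a constructed customer list (fictitious people) and a hypothetical KeyCustodian class standing in for a KMS, HSM or vault running on a separate system with its own access control. The analytics store receives only a keyed pseudonym plus non-identifying attributes; the custodian alone holds the HMAC key and the pseudonym-to-person map, so a copy of the store on its own cannot be attributed to anyone, and an erasure request is honoured by dropping both the rows and the reverse link.

```python
"""Pseudonymisation with the re-identification key kept separate from the data.

Added example, not from the original paper. KeyCustodian is a hypothetical
stand-in for a KMS/HSM/vault on a separate, more tightly controlled system.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Constructed sample records (fictitious people, not data from the paper).
CUSTOMERS: List[dict] = [
    {"name": "Ada Byron", "email": "Ada@example.org", "postcode": "SW1A 1AA", "purchases": 3},
    {"name": "Lin Zhou", "email": "lin@example.org", "postcode": "M1 1AE", "purchases": 7},
    {"name": "Ada Byron", "email": "ada@example.org", "postcode": "SW1A 1AA", "purchases": 2},
]

# Fields that identify a person directly; they never reach the analytics store.
DIRECT_IDENTIFIERS = ("name", "email", "postcode")


class KeyCustodian:
    """Holds the pseudonymisation key and the pseudonym -> identity map.

    In production this lives on a separate system behind its own access
    control; the analytics store and its users never see the key or the map.
    """

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key if key is not None else secrets.token_bytes(32)
        self._reverse: Dict[str, dict] = {}

    def pseudonym_for(self, record: dict) -> str:
        # Normalise the identity so "Ada@example.org" and "ada@example.org"
        # map to one subject. A keyed HMAC rather than a bare hash: without
        # the key nobody can confirm a guess by recomputing the pseudonym
        # for a known email address.
        identity = record["email"].strip().lower()
        pseudonym = hmac.new(self._key, identity.encode(), hashlib.sha256).hexdigest()
        self._reverse.setdefault(pseudonym, {k: record[k] for k in DIRECT_IDENTIFIERS})
        return pseudonym

    def reidentify(self, pseudonym: str) -> Optional[dict]:
        """Only the custodian can turn a pseudonym back into a person."""
        return self._reverse.get(pseudonym)

    def forget(self, pseudonym: str) -> bool:
        """Drop the link to the person; False if the pseudonym was unknown."""
        return self._reverse.pop(pseudonym, None) is not None


def pseudonymise(records: List[dict], custodian: KeyCustodian) -> List[dict]:
    """Build analytics rows: the pseudonym plus the non-identifying attributes."""
    rows = []
    for record in records:
        row = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
        row["subject"] = custodian.pseudonym_for(record)
        rows.append(row)
    return rows


def purchases_by_subject(rows: List[dict]) -> Dict[str, int]:
    """Analytics still works on pseudonymised rows: aggregate per subject."""
    totals: Dict[str, int] = {}
    for row in rows:
        totals[row["subject"]] = totals.get(row["subject"], 0) + row["purchases"]
    return totals


def contains_direct_identifier(rows: List[dict]) -> bool:
    """Guard to run before a store leaves the controlled zone."""
    return any(k in row for row in rows for k in DIRECT_IDENTIFIERS)


def erase_subject(rows: List[dict], custodian: KeyCustodian, pseudonym: str) -> List[dict]:
    """Right to erasure: drop the person's rows and the custodian's reverse link."""
    custodian.forget(pseudonym)
    return [row for row in rows if row["subject"] != pseudonym]


if __name__ == "__main__":
    custodian = KeyCustodian()
    store = pseudonymise(CUSTOMERS, custodian)
    assert not contains_direct_identifier(store)
    for subject, total in purchases_by_subject(store).items():
        print(subject[:16], total, custodian.reidentify(subject)["name"])
```

The design choice worth noting is the keyed HMAC: a plain SHA-256 of an email address is not a pseudonym in any useful sense, because anyone holding a list of candidate addresses can recompute it and re-identify the rows. With the key on the custodian's side, the store can be copied, queried and backed up without carrying the means of attribution, which is exactly the separation the regulation's definition asks for.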