With the forthcoming introduction of the EU's General Data Protection Regulations (GDPR) in May 2018, there is now a definite move toward privacy by design, meaning organisations will have to build data security safeguards into processes - from beginning to end.
Organisations will become accountable for the Personally Identifiable Information (PII) they hold; Know where it resides and how they can secure it (at rest and in-flight).
So what does this mean for the IT security professional - as well as the organisation as a whole?
Reporting of data breaches
Data breaches must be reported within 72 hours of being detected. Organisations are liable for any breaches, with penalties at a maximum of €20 million or 4% of annual revenue – whichever is greater.
Data protection by design
Under GDPR, data protection and processing safeguards must become part of the DNA of all systems and processes, with data protection by design based on seven “foundation principles”:
- Proactive not reactive; Preventative not remedial.
- Privacy as the ‘default’ setting.
- Privacy embedded into design.
- Full functionality: positive sum, not zero sum.
- End-to-end security: full life-cycle protection.
- Visibility and transparency: keep it open.
- Respect for user privacy: keep it user-centric.
A simple guide for information security professionals
To help you quickly get to grips with the challenges the introduction of GDPR presents, Comtact has put together a simple, essential guide to GDPR, outlining:
- Data reporting and Compliance checklists.
- 4-step plan to get ready for GDPR.