Since the European Union's General Data Protection Regulation went live in 2018, far more attention has been focused on the urgency of keeping the personal data under your management 100% safe from access by actors who have no responsibility for it.
The introduction of this law was another reminder, in light of the widespread and massive data hacks of the last number of years, that hackers will stop at nothing to make an illegal profit from any unsecured private and personal information they can get their hands on.
GDPR was developed to put in place a range of rules, regulations and fines intended to keep the personal data of E.U. citizens and residents secure 100% of the time. Businesses and organisations that fail to comply with this legislation can be subjected to financial penalties of up to €20m or 4% of annual global revenue for the previous financial year, whichever figure is larger.
GDPR copper-fastened rights including:
- The right of every individual to have their personal data protected at all times.
- Such data must be processed fairly, and only with the authorisation of the person it relates to or on some other lawful basis set out in the GDPR.
- Individuals have the right to be given copies of the personal data that has been gathered about them, and the right to have it corrected should the need arise.
- An independent body will police the implementation and governance of these rules in each jurisdiction.
- Adherence to this legislation must be policed by an independent supervisory authority.
The proliferation of cybersecurity crime has made the safeguarding of private personal data more important than ever. Hackers will try everything possible to get their hands on private information, including names, identification numbers, geographic/location data, contact details, social security/welfare details, bank account numbers, identifying images, cookie identifiers, IP addresses and other specific online identifiers.
There have been a huge number of hacking campaigns and data breaches. Examples include the Marriott Hotels breach, the Facebook Cambridge Analytica scandal and the Equifax breach in the USA. Even more data breaches occur on a much smaller scale. The parties that are caught will be sanctioned with criminal convictions, and those who failed to secure the personal data will have the appropriate fines applied to them.
What Companies/Organisations Need to Do for GDPR Compliance
There are a variety of legal obligations on companies and organisations. They include:
- Establishing adequate management systems for data that they process.
- Identifying data processors that are legally qualified to do the role.
- Maintaining records of processing tasks completed.
- Ensuring that all personal data remains 100% secure at all times.
- Carrying out data protection impact assessments.
- Designating a Data Protection Officer (DPO).
- Making sure that all codes of conduct and certification are being adhered to.
- Managing the legal transfer of data outside of the E.U.