
General Data Protection Regulation

What is the General Data Protection Regulation?

The General Data Protection Regulation (GDPR) is the most comprehensive overhaul of European data protection rules in more than twenty years. Its purpose is to replace the varying national implementations of the earlier European Union Data Protection Directive with a single, harmonized EU regulation. The intended outcome is a standardized set of expectations for an organization's management and protection of personally identifiable information (PII) on employees, clients and other applicable data subjects.

Why it matters

As of the 25 May 2018 deadline, organizations anywhere in the world that process EU citizen data need to be taking steps to ensure they are ready to fulfill the new data protection requirements.

Common Misconceptions

The GDPR is the most comprehensive overhaul of data protection rules in over twenty years. As we edge nearer to the enforcement date, the hype and urgency increase, and it is no surprise that misconceptions about the regulation abound.

• It's not about where your organization is domiciled or headquartered. If you have subsidiaries or customers in the EU, work with EU vendors, or process EU citizen data, you're in scope.
• It's not an isolated department's responsibility. A GDPR program is a cross-functional effort: legal deals with the processing elements, IT with implementing technical controls, and security with protection of the data, including detecting and responding to any threats to that data.
• It's not a one-time fix. Once 25 May 2018 has passed, the work to fulfill the requirements isn't complete. Any change you make going forward that impacts personal data must be assessed to ensure that it doesn't move you into non-compliance.
• There is no one-size-fits-all program of remediation work, solution or technology. GDPR is a risk-based, business-driven framework, built around your own organizational operations, your own risk profile and that of your data subjects.
• There is no GDPR certification; it's about due diligence and taking appropriate action to protect personal data.

What GDPR Means for Your Security Strategy
White Paper: What GDPR Means for Your Security Strategy

GDPR provides a comprehensive data protection regime, of which data security is one part. Privacy and data protection issues have far-reaching implications for many aspects of business operations, and GDPR is likely to require significant changes across many parts of the organization.

With the right approach and help, organizations can use the information security requirements laid down by GDPR to promote privacy, security, and business enablement.

Featured Resources

Blog: GDPR Breach Notification: A Spotlight on Detection and Reporting

When it comes to reporting an incident, new guidance from the Article 29 Data Protection Working Party on GDPR breach notifications encourages organizations to include notification to the supervisory authority as a key step in their incident response plan. It also outlines practical steps that every organization can implement. In this blog, our risk management and information security experts outline some good security practices to consider.

Compliance with the Six Principles of the GDPR

Principle 1: Fair, lawful and transparent processing of personal data
Principle 2: Specified, explicit, and legitimate purposes for the collection and processing of personal data
Principle 3: Personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes of the processing
Principle 4: Personal data is accurate and kept up to date
Principle 5: Personal data is kept only as long as necessary
Principle 6: Personal data is processed in an appropriate manner to maintain the security of the data

Additional Resources

White Papers

The Value of Incident Response Planning