The EU GDPR Regulations are set to change the game of data security from 2018.
Applicable to all businesses that hold EU citizens' personal data, the new laws both add new requirements for the processing of personal data and tighten existing regulations. They require a comprehensive review of data security, from data audits and DLP through to incident response.
Appointing a DPO to monitor GDPR compliance.
New requirements for collecting & processing personal data to give citizens data sovereignty.
A 72-hour countdown to notify authorities (and often consumers) of a breach, with detailed breach analysis.
Tiered penalties up to 4% of global annual turnover (or €20,000,000 if higher) for GDPR violations
Additional powers for local authorities to investigate & prosecute data controllers & processors
Strong technical & organisational measures to keep data safe
Data controllers & data processors must declare data breaches
Understand your business exposure and risk of penalty
Be prepared for the new data subject right to have data deleted
Know exactly what PII you hold, where it is and who has access to it
Minimise unneeded exposure & ensure only those with a legitimate need can access data
Bytes SP provided the know-how and expertise which helped us in turning around perceptions of PCI Compliance from a poisoned chalice to a useful business investment. Harvey Nichols, Infrastructure Manager