GDPR (General Data Protection Regulation) is a regulation that requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. GDPR compliance will require organizations around the world that collect data from any EU citizen to comply with strict new rules for protecting customer data within the next year. Organizations will need to assess key security components and processes, such as data breach detection and notification, data controller and data processing procedures, and training, to ensure they meet the mandates of the GDPR. It is believed that 2/3 of US companies would not be GDPR compliant at the time this regulation was introduced.
Compliance raises new concerns and expectations for the security of personal data. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they have for name, address and Social Security number, because the regulation expands what constitutes personal data. The following categories of personal data are protected under GDPR:
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
GDPR compliance will force U.S. companies to change the way they process, store, and protect customers’ personal data. GDPR does not supersede any legal requirement that an organization maintain certain data, such as HIPAA health record requirements. Several requirements will directly affect security teams, as they will be tasked with providing a “reasonable” level of data protection and privacy to EU citizens. The biggest adjustment organizations will need to make is the requirement that companies report data breaches to supervisory authorities and to the individuals affected by a breach within 72 hours of detection.
2W Tech has a Cyber Security Compliance Program that is designed to support our clients’ compliance obligations. Most organizations must abide by and maintain a standard for controls that safeguard the confidentiality and privacy of information stored and processed. We work hand in hand with you to learn more about your required compliances, help obtain proper agreements, and access relevant system architecture information. Give us a call today to get started on your journey to achieving compliance.