GDPR (General Data Protection Regulation) is a European Union regulation on the protection of personal data and it applies to every company and state organization in the EU. The regulation comes into force on 25 May 2018, after a two-year transition period.
What security measures do you take to guarantee personal data protection in your company?
Fines for not complying with GDPR can go up to 20 million euros, or 4% of a company's overall income (whichever value is higher).
Each and every organization has to consistently protect personal data. You also have to protect employee personal data, customer information, patient databases, etc.
Effective data protection
Your company has to be ready to prove that your technical and organizational measures for data protection function properly.
Compulsory reporting of data breaches
The Data Protection Authority must be notified within 72 hours of breach discovery.
Data processing permission
Free and clear authorization is required. Requests for approval must be simple and easy to understand.
Expanded definition of "personal data"
Personal data also includes email addresses, IP addresses, cookies, and genetic and biometric information.
Right to be forgotten
Each person has the right to require that you delete his/her personal information without delay.
Dedicated "Data Protection Officer"
Organizations systematically processing personal data are required to have a person appointed to the role of "Data Protection Officer".
Privacy by design
Personal data protection must be implemented in the design stage of a security measure.
You must protect all personal data from being misused. Are you, right now, able to guarantee that your customer and employee records are safe? How do you treat the risk of a data breach through data transfers, e.g. to your payroll accountant?
See how data is actually handled in your company.
Safetica can help you with this. The Safetica solution monitors the movement of important documents, who opens them, and how they are handled.
Set clear rules for who can work with personal data and how.
Safetica ensures that your security policies will not only exist on paper, but will also be used in practice.
Every employee should know which information needs to be handled with sensitivity and how it should be treated.
Safetica informs employees about security rules and thus helps to strengthen data protection.
All media containing personal data should be encrypted - that's what GDPR directly recommends.
Thanks to the centralized encryption management of entire disks, Safetica makes it easier to encrypt media throughout the whole company.
Data leak prevention has to be comprehensive and it must secure all communication methods - email, print, USB drive, DVD, mobile devices, etc.
Safetica ensures that only data that has been secured can leave your company.
CVs, HR records or contracts - keep all these documents safe when they are not in use.
Safetica allows you to manage which sensitive documents can be printed, so you can make sure that even a printed copy of your contacts database won't get stolen.
GDPR requires companies to have the ability to recover personal data in case of technology failure. This is also crucial for other systems in your organization.
In addition to antivirus, don't forget about system updates, correct network settings, firewalls or other technologies (IDS/IPS, honeypots, etc.) for network protection.
With Safetica it's easy to comply with strict GDPR requirements.
You'll have a better overview of what's going on in your company, you'll see how employees treat sensitive data, and you'll eliminate the risk of personal data being misused. When there's a security threat, you'll be notified in real time, and if there is a problem, you'll have easy access to all the information you need for compliance reporting.
The statements given herein are for information purposes only, and they do not represent the comprehensive list of GDPR regulation requirements. They are neither a substitute for legal consultation, nor an individual analysis of requirements for GDPR compliance.