GDPR Cybersecurity Compliance
GDPR cybersecurity compliance aims to standardize laws dealing with consumer privacy across the European Union, and lays the groundwork to reshaping the manner in which all organizations and entities approach the subject of data privacy. General Data Protection Regulation (GDPR) will take effect across the European Union beginning on May 25th, 2018.
GDPR will be replacing the current EU cybersecurity regulations known as the Data Protection Director 95/46/EC.
GDPR cybersecurity compliance is said to include the world’s strictest set of data privacy rules. Penalties for non-compliance can be as high as 4 percent of global turnover if violations are deemed to be especially egregious or neglectful. The constant cybersecurity breaches across the world have forced the European Union to get serious about data protection.
Threatcare’s Violet platform helps organizations validate that their security controls in place actually work, verifying that their data is secure through breach and attack simulations. Companies can use Violet to help be GDPR compliant. Violet is a BAS technology.
The General Data Protection Regulation specifies the roles, processes and technologies that organizations must adopt — and implement — in order to ensure EU citizens’ data is both secure and accessible.
GDPR cybersecurity compliance provisions include:
- Data must be protected against misuse at every point in its lifecycle;
- As little data as possible must be collected and kept;
- On request by individuals, companies must delete all of their personal data;
- Also on request, firms must move an individual’s personal data to a different provider;
- Individuals must be notified within 72 hours of a data breach that compromises their information;
- Following an outage or system failure, access to personal data is required to be restored quickly.
The rules will have a major impact on how companies can collect and manage the personal data of EU citizens, even if those companies are not located within the European Union.
Interestingly, before the rules of GDPR regulations go into place, 87 percent of Chief Information Officers believe their companies’ policies and procedures leave them open to risk under GDPR. It has also been reported that 58 percent of U.S. companies believe they will be fined under the new regulation.