The new European data protection regulation - Are you ready?
Digitalisation has long been part of our business lives and it continues to progress at breath-taking speed. Thanks to cloud computing, Bring Your Own Device and the wide availability of IT products, small companies and organisations enjoy opportunities that were previously only available to large enterprises. Today, borders and locations are no longer relevant: customers are at home all over the world, and many of them are from the EU. This creates new challenges, especially in data protection: rules and laws bound to natural or legal persons must be observed.
What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a European Union provision, standardising the data protection laws of the 28 member states and replacing the previous EU policy. The regulation came into effect on 24 May 2016 and must be implemented by 25 May 2018.
The GDPR contains a series of new rules leading to data protection processes and systems being reviewed and updated. This has resulted in a new "Path to Compliance" to help stay on the right side of the law in the future, but this inevitably creates problems. The larger the collection of personal data or the more closely the purpose of the organisation is linked to the use of personal data, the more complex these challenges become.
Individuals have new and extensive rights concerning how their personal data is processed:
- Complete right to information regarding the purpose for and the legal basis of processing
- Requesting the deletion of data if the processing purpose has been fulfilled*
- Transferring processed data to another company
- Right to correction of information
* Must happen within a month
IP addresses and cookies are now also expressly considered personal data!
Does the GDPR only relate to EU customers’ personal data?
At the moment, the answer to this is ‘yes’. Discussions are currently being held in the countries of the European Trade Association (EFTA, the organisation to which Norway, Denmark, Liechtenstein and Switzerland belong) about whether the GDPR will be adopted there as well. Up-to-date information about the status of these discussions can be viewed here:
GDPR & EFTA Information
What are the new requirements?
It is not yet clear what the complete spectrum of requirements looks like, because many have yet to be developed. However, the regulation has laid down a number of crucial requirements:
- Data Protection by Design and Data Protection by Default
- Pseudonymisation and encryption of personal data
- Appointment of a data protection officer who monitors compliance with the regulations
- Introduction and implementation of suitable guidelines and processes (to demonstrate GDPR compliance)
- Informing the supervisory authorities of a violation of the protection of personal data within 24 hours
- Prevention of unauthorised access to personal data
We can help you
Our specialists deal intensively with the topic of GDPR. In cooperation with our partners, we'll check that your IT is GDPR-compliant. At the same time, our partners will endeavour, wherever possible, to automatically offer you, the user, GDPR-compliant services from 25 May 2018.
Here's a selection:
- Microsoft: Safeguard individual privacy with the Microsoft Cloud, including Office 365, Dynamics 365, Microsoft Azure, SQL Server, Enterprise Mobility + Security, Windows 10 and Microsoft 365.
- Adobe: Adobe automatically adopts EU law because its European headquarters is located in Ireland. The Adobe Privacy Center is already very comprehensive and provides comparatively transparent information about the use, storage, and integrity of personal information.
- Oracle: Oracle has been known for its innovative security solutions and data backup for many years.
The company supports the discovery & identification of personal data in risk assessments.
There are many ways to prevent attacks—from encryption to anonymisation of personal data.
Detecting and preventing data breaches is no longer only possible using classic firewalls—Oracle Audit Vault and Database Firewall allow simple and flexible monitoring of existing data.
Oracle & GDPR Information
Oracle GDPR Webinar Recording
- Trend Micro: In terms of security, this company is already GDPR-compliant. Trend Micro products and solutions cover technical requirements in physical, virtual, cloud-based and hybrid environments—both in data security and in the early detection of reportable incidents.
Trend Micro & GDPR Information (German)
- VMware: The NSX network virtualisation platform allows security tools to be deployed in the data centre network at a fraction of the cost of new hardware. It's easy to implement and supports you in fulfilling GDPR requirements in your company.
VMware & GDPR Information
Are you looking for a GDPR-ready solution? Get in touch today!