May 18, 2017 by

Five Key Aspects of The GDPR

Effective beginning May 25, 2018, the General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive.  This is the first crucial and much needed change to EU data privacy laws since 1995, when just 0.4% of the world was connected to the internet, whereas now almost 50% of the world is connected. In this digital revolution, the old policies are not enough to keep the security of individuals safe.  GDPR outlines the standards for protecting the rights of personal data belonging to all people in the EU. Organizations will now follow the guidelines to handle and safeguard EU citizens’ personal data in a more efficient manner. There are five key aspects of GDPR requirements.

  1. All data is to be reported immediately and no later than seventy-two hours after the breach is found
  2. The definition of personal data is now extended to the location, IP address, medical data, and genetic information
  3. Organizations are required to perform Privacy Impact Assessments (PIAs), to assure personal information is protected.
  4. Organizations are required to perform Data Protection Impact Assessments, to identify risks to consumer data and are required to perform Data Protection Compliance Reviews to assure those risks are addressed
  5. Data processing and data controllers will have the responsibility of protecting person information
  6. All organization in the energy, transportation banking, healthcare sectors, and providers of critical digital services like cloud computing will be expected to take “appropriate security measures” in the state of malware detection, response, and reporting.

As well as the key aspects stated above, GDPR will also require all organizations to obtain consent of subjects for data processing, anonymize all collected data, handle all data transfers safely across borders, and require certain organizations to hire data protection officers who oversee GDPR compliance.

Individuals will have more control of their personal data and will have the ability to transfer their data between providers more easily, called right to portability. All members of the EU and all international organizations which distribute goods and services to EU citizens will be required to follow these regulations. If they do not comply, severe penalties and fines will be served, article 79 of the GDPR states that penalties can be up to 4% of the company’s global annual revenue.

Implementing and complying to the GDPR guidelines will encourage organizations to avoid penalties, while increasing customer data protection and trust. Organizations all over are going through a major transitional period in order to  prepare and implement the new regulations required by the GDPR by May 2018.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

The Importance of a Corporate Culture Built Around Security

Building a culture of security is substantial to any organization. Having a culture built around...

Read more arrow_forward

Top Responsibilities of a New Chief Information Security Officer (CISO)

As the need for security becomes more prevalent in organizations, the role of a Chief Information...

Read more arrow_forward

Critical Vulnerability Within Microsoft Secure Channel Allows Remote Code Execution

Make sure you patch your systems immediately. Exploits taking advantage of this critical vulnerability are already in the works.

Read more arrow_forward