May the Fourth Be with EU


On April 14, 2016, the EU Parliament passed the long-awaited new EU rules for personal data protection (GDPR). Everyone who holds or processes data on individuals in the 28 countries of the EU has until Star Wars Day 2018 (May 4) to comply.

The top 10 provisions of the regulation are:

  1. It is a global law. No matter where you are in the world, if you have data on individuals in the EU and lose it, you are responsible and can be fined. As an example, if you have a web site and a European comes on and enters their contact information, you have to conform.
  2. Increased fines. Up to 4% of global turnover or €20,000,000 (US$22M).
  3. Opt-in regulations. Users must give clear consent to opt in to their data being collected, and you must only use it for the purpose defined. No opting out, no hidden terms, no selling/giving data to other people.
  4. Breach notification. If you lose data, you have 72 hours to tell the authorities.
  5. Joint liability. If multiple companies process the data, they are all liable if data is lost, so if you hold data YOU are responsible if data gets lost via a risky cloud service.
  6. Users can demand their data back, and that it be updated and deleted. If you hold data, you need to work out how to achieve those.
  7. Removes ambiguity. One law across all 28 countries of the EU.
  8. Common enforcement. The authorities are expected to enforce consistently across all the countries; the good news is that data holders only need to deal with one authority.
  9. Collective redress. Users can sue together in class action lawsuits if data is lost.
  10. Data transfer. Data transfer from the EU is allowed, but subject to strict conditions.

If you work for a company collecting data, you are responsible for the security of that data no matter where it gets processed. It’s more important than ever that you know the shadow IT services that employees may be using, as they could be the conduit for data loss and your organisation will be liable.

There’s some good news for IT in the regulation – the new rules encourage privacy-friendly techniques such as pseudonymisation, anonymisation, encryption and data protection by design and by default. So capabilities such as encrypting data before it is uploaded to the cloud, especially when combined with keeping the keys on premises, can reduce your liabilities.

This is good news for EU citizens, as they will have strong and clear rights over their personal data, its collection, processing and security.

Some organizations have in the past treated personal data as a cheap commodity, but this regulation clearly shows how valuable data really is and demands that they treat it with great respect.

We should all put a value on data about ourselves and our families and embrace this legislation because the outcome is that all of our data will be safer.

Nigel Hawthorn, EMEA Marketing Director, Skyhigh Networks

[Cloud Security Alliance Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
