EU GDPR – GENERAL DATA PROTECTION REGULATION ACT

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don't specifically market goods or services to EU residents.

Cybersecurity starts from proper awareness. Briskinfosec BINT LAB cybersecurity researchers continuously put extraordinary effort to help you to realise cybersecurity better and faster. Just download the ThreatSploit Adversary report.

• Scope and plan your GDPR compliance project
• Conduct a data inventory and data flow audit
• Undertake a comprehensive risk assessment
• Conduct a detailed gap analysis
• Develop operational policies, procedures and processes for PII & SPII Information
• Secure personal data through procedural and technical measures

• Improve privacy-related internal procedures
• Appoint a Data Protection Officer
• Ensure teams are trained and competent
• Monitor and audit compliance
• Implement and Achieve GDPR compliance
• Continual Improvement, Monitoring and Tracking

Article 79 is one of the GDPR provisions getting the most attention recently, as it introduces penalties and fines into data protection regulations. Specifically, the GDPR introduces:

• Increased SA Authority: SAs, or Supervisory Authorities, are independent organizations that investigate complaints about businesses and their compliance with GDPR rules. Under GDPR, these organizations have more authority than they did under the 1995 Directive, holding both investigative and corrective powers. SAs may perform audits to ensure compliance, issue warnings for non-compliance, set deadlines for compliance correction measures, and decide on the penalties and fines to be issued to specific companies for certain infractions. SAs can even order data to be erased and block organizations from transferring data between countries.

• Non-Compliance Fines: The GDPR allows SAs to issue larger fines than under the Data Protection Directive. In the former Data Protection Directive, penalties and fines were largely determined by the states and tended to be very low compared to industry standards. In the new GDPR rules, however, fines are set by the SA based on the circumstances surrounding the case. The SA may choose whether to impose fines, as well as the precise amount of the fine. Generally speaking, companies that fail to comply with significant regulations may face fines up to four percent of the company’s total worldwide annual turnover. While four percent may seem like a small amount that can total in the millions and billions for larger corporations. Alternatively, smaller companies with lower annual turnover may face fines up to 20 million Euros.

The GDPR includes the following changes compared to the Data Protection Directive:

• Standardization: Data Protection Directive’s biggest weakness was the fact that it was a directive, meaning that it could only set minimum legal standards for EU states. This meant that EU states had to create their data protection laws, and resulted in a wide variety of data protection laws across Europe with little standardization. GDPR is designed to solve this problem – as a regulation, GDPR imposes a uniform law on all EU member states without needing state legislation to pass. The result of this consistent rule is standardization across the EU, making the regulatory environment simpler for international businesses.
• Control: One of the primary goals of the GDPR is to give control of personal data back to citizens and residents of the EU. This is reflected by requirements that subjects give consent before data is processed, that collected data is anonymized and safely handled when transferred, and that breaches are handled with the utmost urgency and care. The regulation also applies strict rules to the export of personal data to entities outside of the EU and requires certain types of companies to appoint data protection officers for overseeing GDPR compliance within their organizations.

These GDPR requirements are already in full swing in European Organizations including the UK, so companies the regulation applies to must ensure that they’re compliant with the new requirements before that time. Any businesses that fail to comply with GDPR laws will be prone to penalties and fines.

As per the EU Commission ,

• Awareness of Data Protection Authorities
  • 57% of Europeans know that there is a public authority in their country responsible for protecting their rights about personal data
  • 20% know which public authority is responsible

• Awareness of GDPR
  • 67% of Europeans have heard of the GDPR

Briskinfosec providing a unique way to implement EU – GDPR for valuable Customers

Maintaining compliance with the new GDPR laws will take a great deal of work and development, especially if your company doesn’t already have extensive security and monitoring systems in place. Between the monitoring requirements and the staffing and contact needs involved in maintaining GDPR compliance, your company needs a system that will help balance it all. Briskinfosec can help with a GDPR compliant Cloud SOC.

Briskinfosec offers as your comprehensive cloud-based managed security for GDPR. This cost-effective solution for MSPs is designed to provide around the clock managed security for GDPR for small to mid-size businesses.

Briskinfosec security and compliance platform offers:

• Advanced architecture designed to help businesses minimize their risks and manage their compliance with regulatory entities like GDPR while still maintaining business continuity
• Multi-tenancy support helps your company store customer data and accounts, protecting the integrity of their personal information
• The GDPR compliant network monitoring system provides real-time attack visualization, which helps identify attacks and breaches as they happen, using rules-based, vulnerability, statistical and historical correlations to alert you immediately and identify crucial attack information for reporting
• Vulnerability correlation software integrates all the data from your detection systems, identifying and eliminating false positives so that your team is free to focus on actual threats

• Sophisticated reporting tools to help put together reports for GDPR audits, as well as other regulatory entities like ISO, PCI, HIPAA and SOX

With the tools provided by this GDPR compliant SOC, your business and your data protection officer are more able to prevent and mitigate breaches and maintain compliance with the new GDPR standards.

To whom GDPR Applies

As an EU regulation, GDPR is designed to protect the personal data of data subjects residing in the EU. Specifically, Article 3 of the GDPR states that it applies to the processing of personal data of citizens and residents of the EU, even if the processor isn’t established in the EU. Practically, this Article of the GDPR means that these Regulations apply to any company marketing goods or services to EU residents and citizens. These include:

• EU States: Government entities that handle the personal data of citizens and residents of the EU are as much subject to GDPR rules as any company.
• EU Companies: EU companies, since they are both located within the EU and handle transactional and personal data of EU citizens and residents, are expected to comply with GDPR.
• Global Companies: Any company that markets goods and services to EU states and completes transactions with EU citizens and residents are also expected to maintain GDPR compliance, regardless of where the corporation is located. Even if they have no staff or equipment located in the EU, if their marketing efforts extend to the EU or they use personal data to track the behavior of EU citizens, they are subject to GDPR rules.