14 September
GDPR = Higher IT Security Requirements
The EU's General Data Protection Regulation (GDPR) is intended to strengthen the protection of the individual by imposing requirements on those who collect or process personal data. It applies from 25 May 2018, and organizations that do not comply may be fined up to four percent of their global annual turnover (or 20 million euros, whichever is higher). Mishandling data could therefore cost a large organization hundreds of millions of euros in fines.
By Stefan Thelberg Topics: GDPR, General Data Protection Regulation

Incidents which must be reported

It is not only about direct rights for the user: whoever processes personal data must also secure it appropriately, and when a personal data breach occurs it must be reported to the supervisory authority (the regulation sets a deadline of 72 hours from becoming aware of the breach). Security shortcomings can thus be very costly, which raises the bar for general IT security.

A comprehensive new law

The new law is comprehensive and covers everything from how the collection of personal data must be explained to individuals in a clear way to how personal data must be protected on a technical level. It establishes a number of rights for the data subject, i.e. the user whose information is being collected. Here are some of the main points:

  • Online services offered directly to children, such as social media, must obtain a guardian's consent for individuals under 16 years of age (member states may lower this age limit to 13).
  • Users must be able to get their collected information presented to them in a structured, standardized, and easy-to-understand manner.
  • Organizations must handle incoming requests concerning these individual rights within one month.
  • Users must be able to obtain information about what information has been collected on them, what the purpose of the collection is, which entities have access to the information, how long the information is to be stored for, and any other rights the user has.
  • Users have the right to have their personal data deleted when the storage period expires or if they withdraw their consent to the collection or storage.
  • Users have the right to object to, or to restrict, the collection or processing of their personal data. For example, they may decline to allow the information to be used for direct marketing purposes.
  • Finally, users have the right to demand that any incorrect information about them is corrected.
About the author
Stefan Thelberg has worked with IT security for his entire career and is the founder of the successful IT security company Stay Secure, a standout firm in the realm of email and web security.

Stefan Thelberg
+46 (0)739-99 33 12
stefan.thelberg@holmsecurity.com