Global
Belgium
Denmark
Finland
Germany
India
Malaysia
Netherlands
Norway
Poland
Sweden
UK
Consistency & Increased Security
General Data Protection Regulation, or GDPR, came into force on 25 May 2018. GDPR aims to create coherence around the management of personal data within the EU. Because data protection is an essential part of GDPR, it has significantly impacted the importance of protecting personal data, especially from a cyber security perspective.
Continuous Evaluation of Cyber Security
Higher security demands and structured security management are necessary to protect personal data. Each organization must continuously ensure systems that handle or store personal data. Since most IT environments are a network of interconnected computers, servers, etc., organizations must ensure security throughout their entire IT environment.
Framework for Increased Security Audits
GDPR requires a combination of technology, processes, procedures, and people working together to guarantee personal data privacy. IT departments must establish security strategies and use them as a framework to prevent, monitor, and manage any data breaches. This includes developing policies and procedures to train employees to handle data correctly.
- Establish processes and systems to identify possible signs of intrusions or security irregularities and notify and report these instances.
- Implement preventive security systems such as firewalls and IDS (Intrusion Detection System).
- Monitor users with administrator privileges to detect discrepancies or deviant behaviors.
- Establish security policies that facilitate Continuous Monitoring of activities to detect irregularities or unauthorized access to personal data.
- Otherwise, ensure that your organization has sufficient protection for the organization’s network against threats such as unauthorized intrusion, removal, and sharing, as well as copying and attempting to copy information.
Financial Fines
British Airways
Lack of security led to hackers stealing information from about 400,000 customers. British Airways had to pay €3,2 million in financial fines.
Capio St. Göran
The hospital’s information system was not adequately secured and ignored the principle of minimum access, which gave users full access to all patient data, including sensitive information. Capio St. Göran had to pay €22,4 million in financial fines.
Mariotte
Lack of security led hackers to steal 339 million customers’ data. Thirty-one million were EU residents. Mariotte had to pay €20,4 million in financial fines.
Facts About GDPR
- GDPR (General Data Protection Regulation) is an EU-homogeneous regulation.
- It has been implemented as a local law in each EU member state and replaced any previous local laws.
- It was launched across the EU on 25 May 2018.
- The legislation aims to create coherence around managing personal data within the EU and increase security.
- In the case of a personal data breach, the controller shall notify the personal data breach supervisory authority by 72 hours after becoming aware of it.
- Penalties for non-compliance are either up to €10 million, or 2% annual global turnover – whichever is higher, or up to €20 million, or 4% annual global turnover – whichever is higher. The fines are based on the specific articles of the regulation that has been breached.
