
Why the GDPR Should be on Your Radar

05/04/2018  |  By: Mark Fulford, CISSP, CISA, ABCP, HITRUST, Shareholder, Information Security


The General Data Protection Regulation (GDPR), Europe’s new framework for data protection laws, officially goes into effect on May 25, 2018. And it’s causing U.S. businesses in every industry to prepare for enforcement.

Whether you’re a hospital with patients who live in the European Union or a legal firm with clients in the EU, you’re required to meet the new GDPR standards.

Why the GDPR Should be on Your Radar if You’re in IT

So, what should organizations be preparing for with regard to the new GDPR requirements? Here are a few important points to consider if you maintain information on any EU citizens:

  1. The GDPR requires strict adherence to individual consent when acquiring personal details. Many of the current U.S. regulations are organization-centric and are mainly aimed at protecting an individual’s information from a security breach. The GDPR takes consent to a new level: it requires that organizations obtain active consent from the individual before storing any of their personal details in a database.
  2. The GDPR includes a right-to-be-forgotten rule worth noting. Under current regulations, an individual’s record in an organization’s database cannot be erased simply because the person wants it erased. The GDPR grants individuals a right to erasure, although exactly what must be done is not black and white.
  3. The GDPR emphasizes compliance, risk activities, and high-security storage. Like many of the current regulations, the GDPR provides strict guidelines for implementing a risk-based approach to data processing and for measuring the effectiveness of privacy and security compliance controls. Under the GDPR, organizations must deploy adequate security, encryption, pseudonymisation, redundancy, and intrusion detection mechanisms to ensure that constituent data is not compromised in any way.

Is Your Organization Prepared for GDPR Enforcement?

In many ways, the GDPR takes cybersecurity to a different level for certain organizations. It is going to be just as significant as, if not more significant than, the current industry regulations.

Making sure your organization is aligned with the data handling requirements of the GDPR before the enforcement date of May 25th is critical. In addition to familiarizing yourself with the GDPR requirements, it’s important to map those requirements to your organizational policies and procedures. This is where our team at LBMC Information Security can help. 

LBMC Information Security’s compliance and audit experts can help your organization with GDPR compliance, and BALLAST can help you manage all of the actions needed to obtain compliance.