
              General Data Protection Regulation

              What is the General Data Protection Regulation?

              The General Data Protection Regulation (GDPR) is the most comprehensive overhaul of European data protection rules in more than twenty years. Its purpose is to replace the varying implementations across Europe of the earlier European Union Data Protection Directive with a single, harmonised EU regulation. The intended outcome is a standardised set of expectations for an organisation’s management and protection of personally identifiable information (PII) on employees, clients and other applicable data subjects.

              Why it matters

              As of 25 May 2018, organisations anywhere in the world that process EU citizens' data must be ready to fulfil the new data protection requirements.

              Common Misconceptions

              The GDPR is the most comprehensive overhaul of data protection rules in over twenty years. As the enforcement date approaches, the hype and urgency increase, and it is no surprise that misconceptions about the regulation abound.

              • It’s not about where your organisation is domiciled or headquartered. If you have subsidiaries or customers in the EU, work with EU vendors, or process EU citizen data, you’re in scope.
              • It’s not an isolated department’s responsibility. A GDPR programme is a cross-functional effort: Legal deals with the processing elements, IT with implementing technical controls, and Security with protection of the data, including detecting and responding to any threats to that data.
              • It’s not a one-time fix. Once 25 May 2018 has passed, the work to fulfil the requirements isn’t complete. Any change you make going forward that impacts personal data must be assessed to ensure that it doesn’t move you into non-compliance.
              • There is no one-size-fits-all programme of remediation work, solution or technology. GDPR is a risk-based, business-driven framework, built around your own organisational operations, your own risk profile and that of your data subjects.
              • There is no GDPR certification. It’s about due diligence and taking appropriate action to protect personal data.

              White Paper: What GDPR Means for Your Security Strategy

              GDPR provides a comprehensive data protection regime, of which data security is one part. Privacy and data protection issues have far-reaching implications for many aspects of business operations and GDPR is likely to require significant changes across many parts of the organisation.

              With the right approach and help, organisations can use the requirements laid down by GDPR that affect information security to promote privacy, security, and business enablement.

              Featured Resources

              Article: Are You Fully Prepared for a Cyber-Attack?

              Video: What Proof of Compliance will GDPR Regulators be Looking for?

              Article: Do’s and Don’ts of GDPR Data Security – a Journey to Compliance and Beyond

              On-Demand Webcast: Your GDPR Plan: 4 Steps to Bolster Security & Meet Compliance

              While it’s not just about security, GDPR is likely to impact the way you need to think about security. But where do you start? What should organisations be doing to ensure that they are taking positive steps towards compliance, but also generating enough urgency internally to be able to achieve this goal? What do you do after/during a gap analysis to ensure you are taking a pragmatic approach to remediation? Hadi Hosn, Global Security Consulting Solution Lead, reviews the GDPR basics, what they mean for your business, and the steps you can be taking now on your journey to compliance.

              Blog: GDPR Breach Notification: A Spotlight on Detection and Reporting

              When it comes to reporting an incident, new guidance from the Article 29 Data Protection Working Party on GDPR breach notifications encourages organisations to include notification to the supervisory authority as a key step in their incident response plan. It also outlines practical steps that every organisation can implement. In this blog, our risk management and information security experts outline some good security practices to consider.

              Compliance with the Six Principles of the GDPR
              PRINCIPLE 1 Fair, lawful and transparent processing of personal data
              PRINCIPLE 2 Specified, explicit, and legitimate purposes for the collection and processing of personal data
              PRINCIPLE 3 Personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes of the processing
              PRINCIPLE 4 Personal data is accurate and kept up to date
              PRINCIPLE 5 Personal data is kept only as long as necessary
              PRINCIPLE 6 Personal data is processed in an appropriate manner to maintain security of the data

              Additional Resources

              White Paper: Six Steps to Implementing a Risk-Based Security Approach

              White Paper: Four Steps to Bolster Security and Meet GDPR Compliance

              White Paper: Is Your Incident Response Plan Ready for Any Scenario?

              Talk with our cybersecurity experts

              +44 0 131 260 3040