PAUL COLMER
17/5/2018

What Is General Data Protection Regulation or #GDPR?

The European Union (EU) adopted a new law in 2016. It affects every company with customers residing in the EU. It comes into force on 25th May 2018, which is just over a week away. It is called the General Data Protection Regulation, or GDPR for short. But what does it mean, and should companies be worried?

Firstly, it addresses a number of key areas around the privacy of EU citizens' data, in relation to the storage, processing and handling of personal data. Personal data includes data that can identify the individual directly. This can include the following:
  • Name
  • Address
  • Contact Information
  • Date of Birth
  • Health Records
  • Photographs
  • Resumes
  • Driver's Licence
I've simplified and summarised the key points of the GDPR legislation below:
  • The customer has to give consent to the processing and usage of personal data. This can affect businesses that record calls as a matter of practice.
  • Each EU country will appoint an independent supervisory authority who will handle customer complaints relating to the storage and usage of their personal data.
  • Storing of personal data must be done in a way that does not automatically identify the data subject. This means techniques like encryption, tokenisation and masking, and how they can be applied to the data, need to be understood.
  • Companies have a maximum of 72 hours to declare that they have had a data breach.  
  • Customers have the right to request erasure of their data.  This means that businesses, including cloud providers, need to ensure they are using the appropriate security controls to remove that data.  This can include using crypto-shredding, overwriting and encryption techniques.
  • Customers are also able to transfer their personal data from one system to another.
  • Automated decision-making, using techniques such as rules-based scoring and artificial intelligence, is also under scrutiny. Customers have the right to question and fight such decisions.
The overall effect is to provide improved protection for EU citizens and to unify the laws across the EU. This puts the onus on those businesses, including the cloud providers, to ensure that data is processed fairly and in accordance with the law. There are a number of sanctions that can be enforced, depending on the nature of the breach:
  • Written warnings.
  • Periodic data protection audits.
  • Fines of up to 20m EUR or 4% of revenue in the event of an infringement of the most significant provisions.

So what should companies do? Firstly, they need to seek legal advice from an expert in European Union law to understand the potential impacts and next steps. The next steps are to perform an audit of their business processes and how they store data, to understand their current state. Then they need to analyse the law with their legal expert, interpreting it to create a series of overarching requirements. These requirements then need to be solidified into a series of solutions.

Here is a great example of how market-leading SaaS cloud provider Xero is approaching its GDPR obligations in relation to its financial accounting package:
It's so important in all this work to ensure that the IT, security, legal and business departments are all working together closely to work through the issues and implement the solutions.

Want to know more about how you can secure your data and ensure you are following the latest best practices?  Consider taking a Certified Cloud Security Professional certification, leading to an ISC2 examination.  I'd be glad to coach you through your questions and help expand your knowledge of all things security:

www.alctraining.com.au/course/ccsp-certified-cloud-security-professional/
https://twitter.com/DigitalColmer
    Author

    Paul Colmer is a digital coach and a freelance technology consultant. Paul has an infectious passion for empowering others to learn and for applying disruptive thinking in an engaging and positive way.

    Paul has experience in building digital architecture strategies.  This includes the development and execution of training material and workshops, architecting and leading digital transformation initiatives, providing expertise on social media marketing, as well as advanced presenting using comedy, drama and music.

    Certifications cover the Scaled Agile Framework (SPC), Cloud Security (CCSP), Amazon Web Services (AWS Ass Arch), DevOps Culture (DevOps Foundation & DevSecOps Engineering), Big Data (EBDP), Data Science (EBDA), Microsoft Azure (AZ-900), Office 365 and many others.

    He is currently one of the Rise.Global Top 50 Global Cloud influencers on social media.

    www.rise.global/the-cloud-social-influencers-power-100/p/1804096/r/2556192

    And one of the Onalytica Top 100 Big Data influencers on social media:

    onalytica.com/blog/posts/big-data-top-influencers-and-brands/

    He is also a keen writer and an award-winning open-mic comedian.
