GDPR: A Necessity with New Requirements
The General Data Protection Regulation comes into force in 2018 and provides for the implementation of new requirements for organisations.
To enhance the protection of personal data, the new General Data Protection Regulation (GDPR) is concerned with defending consumer rights and setting new standards for business security. It is crucial that organisations treat digital data in the same way as confidential documents kept in a safe. In the absence of effective protection measures, such data may be copied illegally and, in the most serious cases, disseminated or resold. We no longer talk only of data protection, but also of data privacy and of setting standards for the protection of organisations.
The 4 main concerns for organisations include the following:
Ensure Data Security and Integrity
Files containing personal data should only be accessible to authorised persons. The files must be continuously checked for copies and changes. In the event of a security incident, the company should be in a position to provide information and explanations of the incident.
Documentation of Access Rights
The concept of accountability requires that institutions dealing with data be in a position at all times to demonstrate that they hold a history of access rights, particularly for those new to an organisation, changing job roles or leaving the employer.
The IT department and the relevant departments concerned are required to have an overview of the permissions held by employees and to be in a position to modify permissions quickly, knowing that data theft most often occurs when an employee leaves an organisation. The department concerned must revoke access rights to all files without delay on the employee’s actual date of departure from the organisation.
The Creation of a "Data Protection Officer"
This new regulation requires a clear division of responsibilities for the processing of personal data. From this perspective, the creation of the role of "Data Protection Officer" is of crucial importance. The responsibility of the Data Protection Officer is to monitor data processes and to ensure data security and integrity within the department. The creation of new functions such as this simultaneously requires the implementation of new collaborative processes to document all processes.
Personal data is defined by the relationship linking a natural person to another object or event. It is characterised by the fact that it makes it possible to identify a specific person. Personal data includes bank account details, personal information, as well as e-mail and IP addresses. The determining factor for the application of the new regulation is not the location of the undertaking but rather the place of residence of the person whose data is entered.