The General Data Protection Regulation (GDPR) is a set of rules governing the privacy and security of personal data, adopted by the European Parliament and the Council of the EU to replace the Data Protection Directive of 1995. The GDPR was adopted in April 2016, driven in part by the rising number of data breaches in recent years. It is the biggest change in European data protection law in 20 years, and it required organizations to be compliant by May 25, 2018. The GDPR contains provisions requiring businesses to protect the privacy and personal data of individuals in the EU, giving them control over how their personal data is processed and used.
Who Does GDPR Impact?
The GDPR applies to organizations of all sizes and industries, including companies, government agencies and non-profits, and to any organization that offers goods or services to individuals in the EU or monitors their behaviour (for example by collecting and analyzing information tied to them), regardless of where the organization itself is located. The GDPR is multifaceted and touches every department: IT, Marketing, Sales, HR, Finance, Security, Legal, Customer Service, lines of business and senior management. The types of information the GDPR protects include personally identifiable information (e.g. name, address, ID numbers, date of birth), online identifiers (e.g. location, IP address, cookie data, RFID tags), health and genetic data, biometric data, racial or ethnic origin, sexual orientation, political opinions and similar categories. Under the new rules, individuals also have the “right to be forgotten” (the right to erasure), meaning they can request that a business delete personal data that is no longer necessary for the purpose for which it was collected (inaccurate data is instead covered by a separate right to rectification).
How Does GDPR Impact My Business?
The GDPR has serious implications for businesses inside and outside the EU, including in the United States. It requires organizations to secure personal data in a manner appropriate to its sensitivity and to the risk of processing it, and it changes the way companies process, store and protect customers’ personal data. If a personal data breach occurs, the data controller must notify the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, and must notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms. Companies that fail to comply with the GDPR can face fines of up to 4% of their annual global turnover or 20 million euros, whichever is greater. According to a report by Ovum, two-thirds of US companies believe the GDPR will require them to rethink their EU strategy, 52% of US companies believe they will be fined for non-compliance, and 85% of US companies believe the GDPR will put them at a competitive disadvantage relative to European companies. Management consulting firm Oliver Wyman predicts that as much as $6 billion in fines and penalties will be collected in the first year.
Complying with GDPR
Complying with the GDPR is a business-wide process that requires time, tools, processes and expertise, and potentially changes to your privacy and data management practices. The systems you use to create, store, analyze and manage data can be spread across a wide array of IT environments: personal devices, on-premises servers, cloud servers and even Internet of Things (IoT) devices, which means most of your IT landscape could be subject to the requirements of the GDPR. To begin your journey to GDPR compliance, we recommend focusing on four key areas:
Discover – Identify what personal information you have and where it resides
Manage – Govern how personal information is used and accessed
Protect – Establish security controls to prevent, detect and respond to vulnerabilities and data breaches
Report – Execute on data requests, report breaches, and keep required documentation
OneVuex & Microsoft Security – Your Road to GDPR Compliance
OneVuex runs on the Microsoft Cloud (Office 365, SharePoint and Azure) and integrates the services, functionality and security of each of those platforms. In addition, OneVuex adds to the security of those platforms with its Multiple Database Engine System (MDES), which gives each user their own system instead of a single central core. If an intrusion affects one user, Microsoft’s security systems identify it and protect the business as a whole, while OneVuex’s MDES keeps it from spreading to other users, so the business remains safe and operational.
OneVuex’s ability to integrate information across all connected applications, platforms, cloud infrastructure services and IT environments, together with its integration of Microsoft’s security systems, makes it easier for organizations to address the four key areas of compliance across the entire organization in one easy-to-use solution.