The GDPR is Coming: 5 Things You Need to Know Now
Oct 13, 2016
It’s the most dramatic change to hit data privacy regulation in decades, and it takes full effect in just 18 months. The EU’s newly adopted General Data Protection Regulation (GDPR) is coming, and businesses the world over need to be prepared. Here are five things you should know about the GDPR right now:
- 1. It’s for everyone. Not based in the EU? Don’t look the other way—the GDPR is still for you. The GDPR greatly expands the territorial scope of EU data protection, going beyond the location of the data processing. Instead, what counts is the location of the individual, or data subject, whose data is being processed. So if a company processes any personal data of an EU resident—a name, a photo, posts on social networking sites, an email address, medical information—the new regulation applies. The GDPR defines its reach to include any entity offering goods or services to EU subjects, and/or monitoring data about EU subjects.
- 2. It’s time to prepare. Twenty years ago, the EU’s previous data protection mandate (Directive 95/46/EC) was created to regulate the processing of personal data. But in the last 20 years, technology has changed, and so have data protection needs. The European Commission made a 2012 proposal to overhaul the regulation, which eventually led to the April 2016 adoption of stronger and more unified data protection rules. In May 2018, following a two-year post-adoption grace period, the GDPR will become fully enforceable.
- 3. The penalties are steep. Failure to comply with the statute can result in heavy fines and restitution—to the tune of 4% of global revenues, in some cases. When a data subject can prove harm stemming from an infringement of the GDPR, he has the right to seek restitution from the data controller and/or processor. Non-compliance also risks administrative fines. Depending on the type of infringement, fines can reach €20 million or 4% of global turnover (whichever is greater), and €10 million or 2% of global turnover (whichever is greater). The higher liability is applied for non-compliance regarding the GDPR’s basic processing principles, data subjects’ rights, international transfers, obligations adopted by member state laws, and a supervisory authority’s order.
- 4. It’s all about protecting individuals. Data handling must protect personal data now more than ever. So data controllers need the proper documentation and policies in place to prove compliance. The GDPR grants data subjects greater access to, and control over, their own data—so organizations will be required to provide these individuals with any personal data they request, and in a consumable format. One bonus right under the new regulation is the “right to be forgotten,” meaning individuals can demand that their personal data be deleted by the data controller.
- 5. Dataguise can help. Dataguise is the only vendor that can provide end-to-end protection to assist with the GDPR and other regulatory compliance requirements—complete with detection of sensitive elements, visibility into entitlements, protection in the form of masking and encryption combined with RBAC-decryption, and monitoring of sensitive/privacy data access by users. Dataguise DgSecure provides this functionality without requiring customers to write a single line of code.
Since data lives in different data stores—Hadoop HDFS, RDBMS, file systems, NoSQL DBs—and moves between them, DgSecure provides a consistent, policy-driven process across these stores for managing data from a security/compliance standpoint at the source, in flight during ingestion, and at rest. With the additional flexibility to let individual business units sharing a Hadoop cluster set their own policies for their data, enterprises can have centralized policy control, decentralized control with broad policy guidance from a central entity, or both. And it does all that with data on premises, in the cloud, and in hybrid environments.
On top of all that, DgSecure offers monitoring of sensitive data on an ongoing basis, providing clear visibility into a number of key areas. Wondering where sensitive data exists in your data repositories, on premises, and in the cloud? Need to know which sensitive data is being protected—or exposed? Curious about who is accessing sensitive data? DgSecure answers each of those questions, while ensuring companies stay in compliance as new sensitive data continues to flow in and out of their enterprises—and to and from the cloud.
Finding the exact location of personal information across all repositories is the first step to becoming GDPR compliant—and arguably the most important step in your GDPR journey. Dataguise has helped the world’s leading enterprises locate sensitive information in areas they were not aware of. Run DgSecure detection today, generate a report of where personal information resides in your data repositories, and begin building your company’s GDPR plan.