The EU General Data Protection Regulation (GDPR) is a new European Union regulation that takes effect in May 2018. It applies to every organization, company or business – regardless of the entity's location – that gathers, stores or processes data relating to EU residents.
The aim of GDPR is to give residents of EU countries more control over how their personal data is gathered, stored and processed; and every organization, company or business that interacts with residents of EU countries has to comply with GDPR or risk having stiff penalties imposed upon it.
Due to the volume of changes that may be required within an entity's data mechanisms, organizations, companies and businesses that gather, store or process data are being advised to take action now to ensure they are compliant with the EU General Data Protection Regulation by May 2018.
GDPR Changes How Personal Data is Defined
One of the most significant changes from previous EU data protection directives relates to the definition of personal data. Whereas previous directives have been comprehensive in defining what constitutes personal data, GDPR expands on this definition to include online identifiers.
According to the EU General Data Protection Regulation's guidelines, online identifiers can include IP addresses and “cookies”. This implies that if your website is accessible by residents of EU countries, and you place cookies on their computers, you are subject to the new regulations.
Other changes to how personal data is defined include any identifiable information relating to an individual's mental, economic, cultural or social identity; any identifier relating to their location, genetics or biometrics; and the provision of health services that may reveal an individual's identity.
How to Comply with the EU General Data Protection Regulation
In order to comply with GDPR, entities should review their existing systems for gathering, storing and processing personal data, and implement security measures and privacy policies where necessary. Entities should be aware that individual member states of the EU may have additional requirements.
Entities whose primary activities are data gathering, storage or processing must engage a Data Protection Officer. This person's specialist role will be to provide independent supervision of an entity's compliance with the EU General Data Protection Regulation.
Data Protection Officers should be appropriately qualified, and ideally have an understanding of the entity's technical and organizational structure. He or she should also be familiar with the entity's IT infrastructure and the technology used to comply with GDPR.
The Penalties for Breaching the EU General Data Protection Regulation
Compliance with the EU General Data Protection Regulation is mandatory and the penalties for breaching GDPR are significant. Each member state's Data Protection Authority can impose fines of up to €20 million or 4% of the entity's global turnover depending on the nature of the breach.
The efforts made to mitigate the risk of a breach will naturally be taken into account. However, if an entity has failed to review its existing systems for gathering, storing and processing personal data, it would still likely face a substantial fine – even if the breach was accidental.
Further penalties – including criminal prosecution – may apply if an entity has failed to notify the relevant Data Protection Authority of a breach within seventy-two hours. Individuals can also bring civil action against the entity if the breach of personal data has resulted in an adverse event.
How WebTitan's Portfolio Assists Compliance with GDPR
WebTitan offers entities a portfolio of online security tools to assist compliance with GDPR. These include our web filtering solution “WebTitan”, our anti-spam solution for email “SpamTitan”, and our advanced email archiving solution “ArcTitan”.
WebTitan Web Filtering Solution
WebTitan is a robust web filtering solution that can be configured to block access to websites known to harbor malware. WebTitan protects both wired and WiFi networks with a high level of granularity that Data Protection Officers can use to implement multiple acceptable use policies within an entity.
SpamTitan Anti-Spam Solution for Email
SpamTitan's advanced front-end mechanisms help our anti-spam solution for email achieve a 99.97% detection rate. Security features such as malicious URL detection and phishing protection, and dual anti-virus engines driven by Bitdefender and Clam AV, enhance the level of security provided.
ArcTitan Email Archiving Solution
The ArcTitan email archiving solution mitigates the risk of data exposure from both within and outside the entity. An essential tool for entities that collect personal data via website submission forms, ArcTitan's powerful search engine facilitates accelerated searches and retrieval.
Find Out More about Complying with the EU General Data Protection Regulation
The EU General Data Protection Regulation is a comprehensive and detailed document. Its scope is considerable, and the implications for the privacy and security of data will likely impact every organization, company or business that interacts with residents of EU countries.
You can find out more about how the EU General Data Protection Regulation may affect your entity by contacting us today and speaking with one of our Sales Technicians. You are also invited to take advantage of a free trial of WebTitan, SpamTitan or ArcTitan to assist with your compliance efforts.