One year countdown: are you fit for the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) looms just over the horizon. The countdown is on for GDPR compliance by May 2018! Intended to improve personal data protections and increase accountability for data breaches, it is perhaps the most comprehensive data privacy standard to date. It brings with it the potential for crippling fines, up to 20 million euros.
The regulation presents a significant challenge for organisations that process the personal data of EU citizens, regardless of where the organisation is headquartered and even for organisations handling personal data of any national since the company is based on the EU territory.
ASSESS YOUR READINESS
The question, “Are you fit for GDPR?” is a complex one with many aspects to consider.
Just a few questions among the many concerns:
- Do you understand the risks to the systems where personal data is processed?
- Are you prepared to respond to a breach in accordance with Articles 33 and 34?
- Can you respond to a data subject’s request to ‘be forgotten’?
- Less than a third of companies (31%) are prepared for the GDPR
Have a plan and stick to it
If you have checked your compliance, you should know what you process, on what legal grounds, who has access and understand the lifecycle of captured personal data. You are past some of the most challenging stages. The next step is to implement data protection by design, and by default.
Key requirements:
- Policy documentation on personal data protection
- Incident Response/Breach notification response plan : crisis management
- Legal documents giving evidence of the conformity with GDPR
- Security measures implementation
HOW THALES CAN HELP
Thales, a major European leader in cybersecurity with long-term data protection expertise, is your one-stop-shop to achieve and maintain GDPR compliance.
- To start with, we help you assessing you current GDPR maturity: our experts will analyze your processes and with the help of specialized tools we create a data map, where personal data is stored, processed, and how it is flowing between information systems.
Thales is also partnering with legal firms across Europe to assure a full coverage of all requirements.
Your individual GDPR compliance plan will contain a prioritized action list for roles & responsibilities, processes, awareness actions, a data protection policy and suggestions how to integrate GDPR requirements into your existing information system.
Preventing personal data leakage is a major concern of GDPR: with our Vormetric Data Security solution portfolio you protect your data on multiple levels through encryption, and also assure visibility of unauthorized access to personal data.
Our IT experts help you to implement the required functionality to comply with individuals’ rights, such as “right of information”, “right to be forgotten” or “limitation of processing”. Solutions developed by Thales implement the key principles of “Cybersecured by Design” and “Privacy by Design”.
Once initial GDPR compliance has been achieved, a full set of solutions and services help you to remain compliant: our data protection products and agents detect and alert suspicious activities and allow you to intercept before a data leakage attempt can create damage.
All these information can be consolidated and managed in real time by our CSOC (Cyber-security Operation Center). Through our HySIO (Hybrid and secured IT Outsourcing) offer we can help you to be your GDPR compliant data processor across all types of infrastructures from local data centres to public clouds.
With regular audits, intrusion testing and consulting, we help you to demonstrate your GDPR compliance at any time.
For more information watch our video :
Tick, Tock: Just 1 Year to GDPR Enforcement – How to be technology ready