What is it? GDPR is a regulation which has been
passed by both the EU
Council and Parliament.
When does it take effect? GDPR takes effect on May 25, 2018, which includes
a 2-year transition period, which began at the end of April 2016,
for companies to comply with GDPR.
What must be protected? Any personal data or data which can be used to
uniquely identify a person must be protected.
What is considered to be a data breach? A data breach is defined as:
accidentally losing data, losing data to cybercriminals,
destroying or changing personal information, unauthorized
disclosure of personal data, unprotected access to personal
information and more.
What is affected? Data in motion (i.e. data transmissions), data at
rest (i.e. stored data) and processed data are all affected.
What should be done if a data breach is
discovered? Data breaches should be reported to the relevant
authorities and to the people involved; both within a specific
Which companies outside the EU are affected? Companies which are not in the
European Union (EU) but do business in the EU or operate in the EU
are affected by GDPR.
What should a company do now? According to Article
32 sub-paragraph 3 (see page 63), encrypting personal data can
potentially relieve companies which have and manipulate personal
data of some notification requirements. This is based
23 on page 23 which states: “The principles of data
protection should not apply to data rendered anonymous in such a
way that the data subject is no longer identifiable.”
What are the penalties? Not protecting
sensitive data with encryption is considered to be a severe
violation with a potential fine of up to 1M euro.
How can Raz-Lee’s iSecurity suite of security, encryption,
auditing and compliance solutions help attain GDPR compliance?
The iSecurity suite of products is currently helping companies
worldwide to comply with the regulations which are relevant to
CFR Part 11, HIPAA,
and other regulations.
Let Raz-Lee assist your
company in becoming (and remaining!) GDPR-compliant; contact us at firstname.lastname@example.org.