As the years go by, there is increasing focus on the protection of personal information around the world. Over time we have seen US HIPAA, US GLBA, Canada's PIPEDA, the EU Data Protection Directive 95/46/EC, and others. The latest, most comprehensive, and the one front and center for organizations is the EU General Data Protection Regulation 2016/679 (GDPR), which replaces the former directive.
The GDPR strengthens and unifies data protection for individuals in the EU. Where the former directive required each member state to pass its own national legislation, which led to inconsistent rules, the GDPR is a regulation rather than a directive and applies directly without further national legislation. It becomes enforceable on May 25, 2018, and applies to any organization that stores, processes, or transfers the personal data of individuals in the EU, regardless of whether the organization itself is established in the EU. Fines can be stiff: up to €20 million or 4% of an organization's worldwide annual turnover, whichever is greater.
The regulation's definition of personal data is deliberately broad. As the European Commission summarizes it: "Personal data is any information related to an individual, whether it relates to his or her private, professional, or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer's IP address."
To be compliant and mitigate the risk of data protection incidents, organizations should . . .
The rest of this blog post can be found as a guest blog at SureCloud.