TechTonic Times


GDPR only for EU? Not So. Consider This.

General Data Protection Regulation (GDPR)

When asked for a password for an account that you are about to create, what do you immediately think of?

Your house address? Your date of birth? Your son’s birthday?

Did I get it right?

Of course!

Oh, and lose that sheepish grin.

Me too.

I am guilty too.

And you know something else?

We are not alone.

According to Forrester (an independent research firm), nearly 30% of security professionals still use basic personal information to reference passwords.

It’s as if personal information has become the ultimate vault.

So most of your clients and the people with whom you do business also default to their personal information when asked to create a password.

But,

GDPR compliance aims to protect your basic yet critical information.

You will become the priority.

It feels good, doesn’t it?

The idea that someone’s got your back?

Yeah, I like the feeling too.

The EU General Data Protection Regulation (GDPR) proposed by the European Commission will take effect this year.

This new regulation aims to unify data protection for all data owners within the European Union. It will affect not only businesses in European countries but also US companies that do business with EU citizens.

If you are a global enterprise, May 25, 2018 is the deadline to comply.

I hate that word.

‘What word?’

‘Comply.’

It sounds like subordination.

But comply you must.

Or,

Pay the Piper…

And this piper demands 4% of your annual global income or up to 4 million Euros, whichever is greater.

You can learn the steps to be GDPR ready here.

The new regulation is expected to change the way business enterprises around the globe handle customer data.

Its primary focus will be on personal and critical information, which includes but will not be limited to:

  • Basic information such as name, date of birth, etc.
  • Racial Data
  • Sexual Orientation
  • Biometrics Data
  • Political Opinions

 

The GDPR context is broad and complex, but it speaks to three (3) major components:

What’s in it for the data owner?

 

   

1. Better Data Protection and Privacy

 

So you’ve got some haters in your life?

So does GDPR.

GDPR is criticized because a Data Protection Officer must be appointed in each organization.

Big Brothers are rarely popular.

But just imagine, someone tasked with the sole responsibility of watching your back.

Think, ‘The Bodyguard.’

I loved that movie.

He or she will ensure that your data is monitored and protected systematically.

This big brother will seduce the hearts of the masses.

But the critics cry,

“It’s a good idea but too much administrative burden.”

I’d rather have the ‘burden’ than the Piper’s fee.

Caution!

Security awareness can never be covered by one person in an organization.

Get your entire team involved. And compliance should not be the only focus. Rather, your team must be immersed in the collective understanding of the data’s importance.

Customer data with which they have been entrusted.

Then stand down and observe.

Your security posture will have improved by simply being vigilant with the information that is being exchanged on a daily basis.

 

2. More Control on how Data will be handled

 

Who doesn’t like to be in control?

If you don’t, you’re an anomaly, or you may be from Mars.

GDPR aims to give customers more control of their data. Therefore, ‘consent’ will become a critical component of the authorization process before customers’ data can be used.

And, should a breach occur, businesses will be obligated to inform the affected data owners once the severity has been determined.

 

3. Have more rights on Data shared

 

So with more control comes more access.

GDPR will give the data owner more rights on the personal information they have shared once it takes effect.

This means that, at the owner’s request, your organization must readily provide the personal records you have in store, including the processes they went through.

Data owners will have the right to have their data erased, should any personal security issue arise.

Furthermore, the customer’s right to have their data transferred from your system to another will take form. And while this request is not a key element in cyber-security practice among enterprises in the EU, the Commission has clarified the significance:

It will increase the social interaction between the clients and the organization.

Whether or not the new GDPR compliance affects you directly, adopt it as your company’s mantra to improve data security and protection.

Ultimately, a better relationship with your clients will ensue.

And, I’ve heard it said that the ‘right relationship is everything.’

 

You remain a critical part in maintaining the Global Security Hygiene!
