A SUMMARY OF WHAT YOU NEED TO KNOW
• There is a two-year transition period for implementation – the law will apply in the spring of 2018!
• Companies will have to appoint a DPO (Data Privacy Officer), who is responsible for advising on and monitoring GDPR compliance, and is a point of contact for the authorities.
• Data authorities and consumers must be notified within 72 hours after the discovery of a breach.
• Local data authorities will have additional resources to investigate and audit data controllers, processors and their sub-contractors. A new European Data Protection Board will act as a super data authority to handle disputes between authorities.
• A tiered penalty framework with fines of up to 4% of global annual turnover (or €20,000,000, whichever is higher) for more serious violations, and up to 2% (or €10,000,000) for other violations, such as failing to notify a data authority about a breach.
• Beware! Data controllers and processors are not the only ones responsible… sub-contractors may also be penalised in the event of violation.
GDPR compliance date – 25th May 2018
WHAT’S THE GDPR TRYING TO ACHIEVE?
• The harmonisation of European data protection rules and regulation with a single law, and consistent enforcement.
• To establish the right to personal data protection
• An improved framework for the European Digital Single Market
• To encourage innovation while ensuring a high level of protection for citizens
ACTIONS TO TAKE AT ONCE
• Identify where personal data is located (NAS, SharePoint, Cloud, etc.)
• Delete global accesses and overexposed data
• Apply a least privilege model
• Monitor and audit data access and permission changes
• Set up automatic alerts for incident response and remedies
• Increase security with machine learning and user behaviour analytics (UBA)
• Establish data retention procedures and systems so that data is not stored longer than necessary
BROOKCOURT CAN ASSIST WITH:
• DatAlert: User Behaviour Analytics
• DatAdvantage: Data Audit & Protection
• Data Transport Engine: Data Retention & Migration
• Data Classification Framework: Sensitive Content Discovery
• DataPrivilege: Data Access Governance
GDPR implementation compliance plan
t: 01737 886111