The General Data Protection Regulation (GDPR) is the new European regulation that aims to give European citizens control over their personal data. Agreed in December 2015, it will apply from 2018 and concerns any company that collects, processes or stores personal data that can identify a person.
Cyber-risks are international, and their impact and severity evolve much faster than the adoption of good practices in data protection and cyber security. Malicious code authors are increasingly skilled at disguising their attacks over the internet with cleverer, more discreet, more diverse and stealthier new threats.
In 60% of cases, a few minutes is all it takes for attackers to compromise a system
85% of attacks come from outside
1 out of 10 data thefts is internal
5% of data leaks are accidental
88% of consumers rank the protection of their personal data as the number one selection criterion before a purchase
Whether mass cyber attacks or targeted data thefts, these threats expose more and more victims and are an additional risk to competitiveness. Faced with this situation, Europe acted and sought to unify the regulation in order to protect citizens and web users, who are increasingly aware of the problems surrounding the confidentiality of their data. After four years of studies and negotiations, the GDPR (General Data Protection Regulation) was born. This text, applicable from May 2018, affects all European organizations, which must now adopt the corresponding tools and procedures.
Any data relating to an identified or identifiable person falls under the GDPR, whatever its intended use. The management of personal data therefore no longer concerns only businesses present on the internet, but any organization or service provider handling HR data, BtoB/BtoC data, IP, mobile information, cookies, etc.
The consent of the citizen with regard to the collection of his or her data must always be explicit and documented. Organizations must be able to prove, on an ongoing basis and retrospectively, their diligence in protecting this data throughout its lifetime:
| Consent traceability | Ongoing protection and security | Access authorization | Freedom to correct | Right to be forgotten |
|---|---|---|---|---|
| Overview, risk evaluation, study and analysis of impacts, encryption, audits, integrity and availability of data, regular control and verification of measures | | | | |

| Up to €20 million | Up to 4% of the annual turnover |
|---|---|
| The highest is retained | |
Notification following a case of theft or data leak:
At any time, through precise documentation, the person responsible for the processing must be able to prove the compliance of his/her data and/or its level of compliance, the implementation of regular controls and the mechanisms identified, not limited to the following: