Keep scrolling down
General Data Protection Regulation
…and how did we get there?
Scroll down to learn more
In a nutshell
GDPR gives new rights
to EU citizens over
their personal data.
A right to withdraw consent and easier
access to their own data and more…
Understanding the Context is Key
The responsibility that companies take on
when they are given personal data.
They must meet a strict set of criteria in order
to prove that they are protecting it
There were Two Drivers!
Giving control of data back to
the individual. Companies need a
valid reason to collect data.
GDPR is going to drive uniformity
for every country, making it
easier to legislate.
No Opt In / Opt Out
You have to comply!
The penalties for non compliance are scary…
4% of annual turnover
or € 20 million
whichever is higher
IF GDPR AFFECTS EU CITIZEN DATA,
WHAT ABOUT BREXIT?
We don’t know when the UK will leave Europe, or what their position is going to be.
GDPR refers to the collection
and transportation of EU data.
Any organisation which holds or transports EU
citizen data will still have to comply with GDPR.
Most UK companies are dealing with EU citizen data in some way shape or form
bank account details, email addresses, sensitive personal information but also IP addresses.
( that really expands the scope of who this legislation affects ).
It’s also very likely that the UK is going to
replace the data protection act of 1988
with something extremely similar to GDPR.
Therefore taking steps to protect your data now, regardless,
will have a much greater chance of protecting your
business against cyber threats.
It’s a huge step forward in how the world sees data protection.
How do I start planning to meet
Do some gap analysis. There are some very specific guidelines…
Compare those with your current
processes and structure and
work out what the gaps are...
You can then build a roadmap.
Raise awereness with your
customers! What is expected of
their employees at every point
in the journey.
Don’t leave it too late… Start now! There are experts who can help you if you’re not sure where to begin.
CAN YOUR CUSTOMER
WITH A PARTICULAR
PIECE OF TECHNOLOGY?
GDPR IS ABOUT SECURITY PROCESSES AND MANAGING RISK
Technology can’t work unless it’s accepted into the
organisation, and everything works together
Cyber security is thought as being a technology
problem – with a technology answer.
However, the bad guys have got clever…
GDPR specifies that organisations have appoint a data
protection officer, who is distinct from a risk officer,
and distinct from most other IT functions that currently exist.
Data protection officers have a specific mandate,
it’s a role that sits outside of IT and of the boardroom,
so they’re not answerable to anyone else other than
It’s about ensuring that companies recognise how much
responsibility they carry when they collect and transfer
other people’s data.
Techniques to help ensure
data availability and
integrity in the event
of a failure.
the more critical the data, the more important it is to protect it.
But not all data has equal importance.
To quantify importance, the industry uses the terms
“recovery time objective (RTO)” and ” recovery point objective (RPO).”
RTO and RPO
should be defined for
each application and its data.
the RTO is the lenght of time that you can run your business without access
to your data and not incur significant losses. In other words, how soon do you need
your data back in the event of a failure?
The RPO is the maximum time period over which you can tolerate data loss or corruption.
KNOWING YOUR RTO AND RPO WILL HELP YOU
INCORPORATE THE RIGHT LEVEL OF DATA PROTECTION
FOR YOUR APPLICATIONS FROM THE BEGINNING.