Data Privacy on the spotlight!
Data Privacy Day may not be an official holiday for your IT department, but it definitely should remind you that you need to focus and do more to protect confidential data.
The Data Privacy Day was first introduced in 2009 by the Online Trust Alliance (OTA) in response to the increasing number of cybersecurity attacks and data privacy breaches, emphasising the need for effective data protection regulations and transparent processes for collecting and using personally identifiable information (PII).
Examples of PII that fall under data protection regulations are:
• Social Security number, full and truncated;
• Driver’s license and other government identification numbers;
• Citizenship, legal status, gender, race/ethnicity;
• Birth date, place of birth;
• Home and personal cell telephone numbers;
• Personal email address, mailing and home address;
• Security clearance;
• Financial information, medical information, disability information;
• Law enforcement information, employment information, educational information
If one considers the sources that PII can be collected from and how many new are added on a daily basis – big data, the internet of things, wearable technology – it is easy to understand why data privacy has become increasingly challenging. And let’s not forget the ransomware attacks, which are the latest major data privacy challenge.
Despite the size of the recent ransomware attacks, the majority of organisations still don’t have structured processes in place to prepare themselves and keep confidential data safe. Although there are effective steps for protection against ransomware threats, their number has significantly increased and companies delay to announce in fear of negative publicity.
In order to stop such actions from happening and improve the current data privacy practices, the European Union is introducing the General Data Protection Regulation (GDPR) taking effect in May 2018. This is the biggest shake up of data protection laws in the last 20 years.
What is GDPR?
GDPR is the latest set of regulation law framework across the EU that aims to increase data privacy for individuals, and gives regulatory authorities greater power to take action against businesses that breach the new data privacy laws. GDPR also introduces rules relating to the free movement of personal data within and outside the EU.
In particular, GDPR involves:
• Obtaining consent for processing personal data must be clear and must seek an affirmative response.
• Data subjects have the right to be forgotten and erased from records.
• Users may request a copy of personal data in a profile format.
• Parental consent is required for the processing of personal data of children under the age of 16.
As a result, organisations need to be extremely aware of these changes as they can face very strict fines in the cases of non-compliance. Can your organisation afford to be fined up to £20 million for failing this data privacy regulation or 4% of annual global revenue, as required by the new General Data Protection Regulation?
24% are unaware of the incoming data protection legislation, while one in three companies believe that GDPR isn’t relevant to them.*
Get Started with a GDPR Readiness Assessment
In response to the fast approaching data protection regulation, Logicalis UK Advisory Services team have developed a GDPR Readiness Assessment that will allow us to help you understand and frame your thoughts on your journey to compliance.
The Logicalis GDPR Readiness Assessment will help you answer a key question – Where am I on my journey to data privacy compliance, today? By investigating elements of your organisational landscape, we will produce an ‘as is’ assessment, where we will be able to gauge where you are on a standardised maturity curve, considering all things around cybersecurity and data protection.
Get in touch with our Advisory Services to discuss how we can help you in your journey to GDPR Readiness.
*London Chamber of Commerce and Industry, https://www.londonchamber.co.uk/news/press-releases/one-in-four-london-businesses-unaware-of-new-data/