Download our GDPR tech brief and discover how to achieve GDPR compliance with BeyondTrust cybersecurity solutions. get the guide
What you should consider as the deadline approachesKey elements to be considering as the deadline for enforcement approaches include the following:
- If you process data for another organisation, i.e. don’t collect it directly yourself are don’t use the data yourself, you still need to be compliant. Unlike the Data Protection Directive (95/46/EC), it’s not just the collector of the data that’s liable.
- With the GDPR personal data is defined as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, post on social networking websites, medical information, or a computer’s IP address.” This is extremely broad, so make sure you are aware if you collect or process any of this data whether deliberately or not.
- Make sure that any data you do collect is covered by appropriate authorisations from the user as these have expanded substantially; simple agreements are unlikely to suffice moving forward.
- Lastly, make sure you have processes in place to notify users of a breach when it happens. GDPR allows only 72 hours for such notification to take place.
Next stepsBest practice in personal data security can only benefit us as individuals and as organisations. Better notification and more openness in admitting we’ve been breached will help us all respond to the threats that are out there. GDPR is the first significant data protection legislation in several years; the rest of the world is watching and is likely to adopt similar protections for their own citizens. Being GDPR compliant will help prepare you for those as well. As my Grandmother used to say, “A stitch in time, saves nine.”
Get our GDPR guideBeyondTrust has written a new guide on the objectives of the GDPR, and how BeyondTrust privileged access management and vulnerability management solutions can help. Download the guide, or contact us for a strategy briefing today!
Brian Chappell, Director, Product Management
Brian has more than 25 years of IT and cybersecurity experience in a career that has spanned niche system integrators, PC and Software vendors, and high-tech multi-nationals. He has held senior roles in both the vendor and the enterprise space in companies such as Amstrad plc, BBC Television, GlaxoSmithKline, and BeyondTrust. At BeyondTrust, Brian leads the Product Management of the flagship Password Safe product globally, ensuring the delivery of a world-class, industry-leading Privileged Password and Session Management solution. Brian can also be found speaking at conferences, authoring articles and blog posts, as well as providing expert commentary for the world press.