General Data Protection Regulation Services

General Data Protection Regulation (GDPR) (1) by the European Parliament and the Council, was adopted on April 2016 and focuses on the protection of natural persons, with regard to the processing of personal data and on the free movement of such data.

It came to replace the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

Key definitions  for the purpose of Regulation: 

Any handling of Personal Data throughout its entire life cycle, from collection to deletion, is considered “processing”. Even remote access is considered “processing.”

“Personal data” is defined in GDPR as any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Main Requirements of the Regulation

  • Privacy by Design and by Default
  • Data Controller/Processor
  • Consent
  • Data Protection Impact Assessment (DPIA)
  • DPO
  • Privacy Accountability
  • Pseudonymization
  • Data breach Notification Obligation

The GDPR introduces the following rights for data subjects:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

GDPR goes into effect in 25 May 2018 and has international reach. So, when GDPR goes into effect, any organization that processes data of EU data subjects will encounter new, uniform data protection requirements or strict fines for non-compliance, 4% of annual turnover or €20 million per incident, whichever is higher.

Although we are expecting more clarifications on GDPR topics to come by Article 29 Working Party (2), and probably stricter guidelines in national level, the time for organizations to start preparing and educating themselves is now.

HOW PERFORMANCE TECHNOLOGIES CAN HELP YOU IN YOUR GDPR COMPLIANCE JOURNEY

GDPR isn’t a new approach on data protection, though organizations are required to be compliant by 25 May 2018. To that end, organizations should review their existing data protection framework, business processes and security systems to understand the gaps with GDPR mandates, in order to effectively achieve compliance and to avoid fines.

In this short timeframe, we are here to assist you in fast, effective and full compliance with GDPR regulation, throughout the entire data lifecycle, from sensitive data discovery to implementation and monitoring of your data protection and compliance strategy.

We have proven experience and strong partnership with leading industry solutions, that aim in data protection and provide GDPR compliance, including but not limited to areas such as:

  • Data Discovery
  • People management – Identity Management & Privilege Identity Management
  • Database & File Server protection
  • Data Masking
  • Data encryption
  • Backup
  • Email Archiving
  • Mobile Device Management

(1) EU GDPR regulation 2016/679 published document: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC

(2)          Article 29 Working Party is made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission. The composition and purpose of Art. 29 WP was set out in Article 29 of the Data Protection Directive, and it was launched in 1996 (Wikipedia)