One of the most talked-about topics at the June Infosecurity Europe 2017 conference in London was the General Data Protection Regulation (GDPR). This is a new data privacy law that will make the consequences of a data breach much more severe, and it comes into force in all EU countries from 25th May 2018.

It should be noted that the GDPR will affect any organisation that stores personal information on EU citizens, wherever that organisation is based. Under current legislation, the processing of such data should happen inside the EU, unless the destination country offers a similar level of protection (for example, under the EU-US Privacy Shield). While the GDPR will harmonise data protection laws across the whole of the EU, which in theory makes it easier for non-EU organisations to comply, the new requirements will be stricter, which will ultimately make compliance more challenging.

The main consequence of not complying with this regulation is a fine for any organisation that suffers a data breach in which the compromised data contains personal information on someone who resides within the EU. Such data can include someone’s name or address, as you might expect, but also their IP address. The law applies to all personal data, including employment data, not just that of consumers. The fine can be as large as €20 million or up to 4% of annual global revenue, whichever is higher. In addition, organisations will be legally obliged to report a breach within 72 hours of discovering it.

