The EU General Data Protection Regulation (GDPR) comes into force on 25th May this year. There are few exemptions from this new data protection regime and it applies even to businesses outside the EU that are processing the data of EU citizens. Breaching the GDPR could cost a business dearly with fines of up to €20 million or 4% of annual turnover - the highest ever potential penalties for a lack of data protection compliance.
A new dawn for data protection
The GDPR is not just a tick box exercise. It is designed to encourage businesses to reevaluate the way that data is handled internally to ensure its security and to apply limits to how and when it is processed. An IT infrastructure that has been compliant with previous data protection legislation in the UK is a good place to start but is likely to require additional evolution to ensure GDPR compliance. Crucially, the GDPR has expanded the definition of what counts as personal data, which means that the scope of what must be protected is now significantly broader.
Key provisions of the GDPR
A new approach to consent. Any business must be able to show that a data subject consented to the processing of their data. The GDPR introduces new standards of consent that require it to be specific, unambiguous, explicit and proactively given.
Data breach reporting now has a time limit. Businesses have just 72 hours to report a data breach; missing that deadline can itself attract a fine.
Security is a top priority. As a result of the GDPR, the onus is now on businesses to demonstrate that they have taken proactive steps to ensure that the IT infrastructure holding personal data is secure and that access to it is limited.
Data management. The GDPR gives data subjects the right to request that all data held on them is deleted or to ask questions about what data is stored and why. It is crucial that your IT infrastructure enables key questions to be answered and action taken when required.
Implementing privacy by design. The GDPR requires that key business architecture, such as IT infrastructure, is created with privacy as a priority rather than as an add-on. This means that a secure architecture for services must be a top priority from the outset.
Ensuring your IT infrastructure is GDPR compliant
Every business is different but there are some key steps that can help to transform an organisation on the compliance front, including:
- Creating a robust IT infrastructure that makes use of virtualisation and cloud technology
- Prioritising the protection of personal data
- Introducing network monitoring to ensure any breach is detected as early as possible
- Upgrading protection against network breach
- Ensuring that all actions leave a transparent and traceable audit trail
- Diversifying authentication solutions to prevent unauthorised access
- Evaluating and testing existing systems to identify any vulnerabilities
At netConsult we design bespoke IT infrastructure that includes privacy by design to ensure that your business architecture is fully compliant with the GDPR. Get in touch today to find out how we can help you to make your infrastructure as secure and compliant as possible.
Author: Laura Zverko