General Data Protection Regulation in EU

How Sonicwall can help you to deliver GDPR compliance solutions

EU General Data Protection Regulation (GDPR)

After four years of preparation and debate, the GDPR was finally approved by the EU Parliament on 14 April 2016. It came into force on 25 May 2018, from which date organizations not in compliance face heavy fines.

The EU General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of all EU citizens, and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.

What is GDPR?

The General Data Protection Regulation (GDPR) is a new piece of legislation that was agreed in December 2015 and will be effective from May 25 2018.
Goal: remove the complexities that businesses currently face in complying with multiple local regulations across the EU.
GDPR unifies EU data protection legislation, simplifying processes and legal obligations for any country dealing with more than one EU state.

Key features of GDPR

Personal data

  • GDPR's scope is limited to personal data. For example, an IP address that can identify a specific user's device is regarded as personal data.

What is personal data?

  • Any information relating to an identified or identifiable person
  • A dental record with information about a person's teeth
  • A car license plate

Ordinary personal data

  • Name, address, social security number, workplace, income, etc.

Special categories of personal data

  • Ethnicity, political opinion, religion, genetic and biometric data, health issues, sexual relations and crime-related data

Why should you care about GDPR?

GDPR changes the game for organizations because of two key features:

  • The fine for non-compliance with GDPR reaches a maximum of 4% of global revenue or €20 million, whichever is greater.
  • The prospect of receiving such a fine gets boardroom attention. No board member will want to have to explain to shareholders why profits and stock price have fallen due to a data breach resulting in a substantial fine.
  • GDPR introduces the concept of mandatory breach notifications. For almost all companies within the EU, this will be the first time that they have had to admit to data breaches by law. While the extent of reporting breaches is limited to the Supervisory Authority and affected customers, bad news travels quickly, and such information would leak quickly into the public domain. Organizations then have the media spotlight shone directly upon them.

How can ASBIS and Sonicwall help you?

Minimum technical measures under the GDPR

  • Firewalls which are properly configured and running the latest software
  • User access control management by, for example, the UAC functionality in Windows
  • Unique passwords of sufficient complexity and regular (but not too frequent) expiry on all devices (including mobile phones) to defend against dictionary and rainbow table attacks
  • Regular software updates, if appropriate, by using patch management software
  • Timely decommissioning and secure wiping (that renders data unrecoverable) of old software and hardware
  • Real-time protection anti-virus, anti-malware and anti-spyware software
  • Encryption of personal data in transit by using suitable encryption solutions
  • Encryption of all portable devices, ensuring appropriate protection of the key
  • Secure configuration implemented on all devices (including mobile phones)
  • Intrusion detection and prevention systems in place
  • Data backup

Please note that, in order to comply with the law, there should be no one person in your organization with full access to all files; even your network administrator should have restricted access. In fact, it is recommended that the network administrator's normal user account and his/her account with administrator privileges be separated, with the privileged account used only when appropriate. This makes auditing and control of administrator actions much simpler.

These GDPR requirements can be fully met by Sonicwall solutions:

  • Firewalls which are properly configured and running the latest software
  • Real-time protection anti-virus, anti-malware and anti-spyware software
  • Encryption of personal data in transit by using suitable encryption solutions
  • Intrusion detection and prevention systems in place

By using Sonicwall products and solutions you can comply with GDPR rules:

  • Prevent intrusions
  • Stop zero-day and known malware
  • Encrypt data communication
  • Stop data leakage
  • Scan all traffic, including encrypted traffic
  • User-based access control
  • Content filtering
  • Log all access and all incidents

Additional information: