New protections for consumers, such as the EU’s General Data Protection Regulation (GDPR), which is celebrating its first anniversary, and the new California Consumer Privacy Act (CCPA), provide consumers with added protections to ensure their privacy and prevent issues related to data theft or misuse. They do this by defining what is meant by personally identifiable information (PII), establishing compliance standards for organizations to meet, and imposing severe penalties for organizations that fail to protect the PII of their customers.
Some of the most important benefits of these regulations are that they establish a uniform definition of exactly what is meant by personal data; detail rules for how that data can and cannot be used by any organization doing business within a specified region, or with any citizens that reside, work, or travel therein, even remotely; explicitly define what constitutes a breach of personal data, along with standardized and consistent notification requirements; and give consumers complete control over the use and storage of their PII.
The GDPR established a common and broader definition of personal data than previous efforts, including things like IP addresses, biometric data, mobile device identifiers, and other types of data that could potentially be used to identify an individual, determine their location, or track their activities. The CCPA extends that definition even further, adding such things as geolocation data and shopping, browsing, and search histories.
Further, organizations affected by these regulations not only need to obtain explicit approval from individuals to retain and use their personal data, but also honor their “right to be forgotten,” which enables individuals to demand that an organization purge any personal data about them for any reason.
The challenge is that with today’s highly distributed network, data could have been copied multiple times and distributed virtually anywhere. The recent and rapid transition to multi-cloud networks, platforms, and applications complicates this challenge. To meet data privacy requirements in such environments, organizations need to implement security solutions that span the entire distributed network in order to centralize visibility and control. This enables organizations to provide consistent data protections and policy enforcement, see and report on cyber incidents, and remove all instances of PII on demand.
Achieving this requires three essential functions:
This creates two issues that need to be addressed.
The best approach to security is to stop an attack before it even starts, and limit its scope once a breach occurs. This requires organizations to have technologies and policies in place, such as:
When properly understood, privacy regulations not only ensure that the PII of consumers is protected, but they also raise the bar for security across the entire organization. They force organizations to go back to the drawing board, rethink processes and policies, identify and close gaps, and centralize their visibility dashboard feeds and operational controls. Many of these security fundamentals have been lost in the rush of digital transformation, and this is a good excuse to regroup, rethink, and re-secure your infrastructure.
This was originally posted here: https://www.csoonline.com/article/3397108/gdpr-and-the-cloud.html