Understanding General Data Protection Regulation Compliance

In April of 2016, the European Union Parliament and Council voted to replace Data Protection Directive 95/46/ec and enact an overreaching data security regulation named the General Data Protection Regulation (GDPR). The law went go into effect in the May 25, 2018 and is the primary law regulating how businesses protect EU citizens’ personal data. Companies that need to meet the old security directive will need to be in compliance of the new law on that date or face stiff fines and other penalties

About GDPR

The GDPR was created in response to the myriad of data security issues many businesses have had in the EU economic sector over the past several years. By making all of the EU member nations adhere to the same data protection standard, the hope is that this new mandate will be a baseline standard for companies who handle EU citizens’ data.

Some of the key provisions of the law include requirements to:

  • Consent subjects for data processing.
  • Provide fast data breach notifications if a breach has occured.
  • Anonymize collected data to protect consumer privacy.
  • Appoint a “data protection officer” for certain companies.
  • Safely handle the transfer of data across borders.

What Businesses Need to Be Compliant?

This is where the law gets a little tricky. Every business that markets or sells goods and services within the confines of the European Union member states has to meet the GDPR regulation. As a result, the global implications of this law are substantial. For businesses that will need to be in compliance to continue doing business with EU citizens, the GDPR will likely have a significant impact on the way that your business uses its core information systems.

The GDPR will be enforced by what are called “Supervising Authorities” (SAs). SAs will interpret “substantially affects” on a per-case basis since the context of data processing, the type of data, the purpose of processing and whether the processed data causes damage, loss, or distress to individuals; has an effect of limiting rights of certain groups or individuals; affects individual’s economic status or circumstances around their economic health; inflicts potential reputational damage; and many more qualifications.

To ensure these qualifications are met, SAs will be looking for organizations to do many of the following:

  • Encrypt personal data
  • Prevent unauthorized access to personal data (or equipment used in the processing of this data).
  • Prevent unauthorized access to the use of personal data (or the equipment used in the processing of this data).
  • Take part in independent assessment of equipment to evaluate the nature and potential severity of privacy risks.
  • Have the ability to recall and report personal data in a timely manner in the event of an incident.
  • Ensure continuous confidentiality and integrity of all equipment used in the processing of personal data.
  • Perform regular tests to assess the effectiveness of measures to ensure data security.

The GDPR is filled to the brim with language referencing security of computing infrastructure as a precursor to the actual security of the data held within these constructs. Before you can build a GDPR-compliant infrastructure, you must understand how your IT needs to be altered to do so.

What Are the Consequences if You Fail to Comply?

Since the law that the GDPR replaced was over twenty years old, the vast changes in computing, marketing, and sales coupled with the prevalence of threats to data security produced some stark changes in the way the GDPR punishes companies that are found to be in violation of this mandate. SAs have far more authority under the GDPR than under the old directive. They hold investigative and corrective authority, and will have a system to issue organizations warnings for non-compliance. They will also perform audits, dictate changes, impose deadlines for those corrections, order data to be forfeited or erased, and even be given the power to block companies from transferring data to any other jurisdictions until all compliance mandates are met.

The biggest role SAs will have is assessing fines for noncompliance; and, the fines are substantially larger than under the previous law. Fines will be determined based on the circumstances of each case, and if substantial evidence is there to find that an organization’s breach wasn’t of their own negligence, the SA may not impose a fine at all. The fines that are imposed may be up to two-to-four percent of total global turnover or up to 20 million euros, whichever is greater.

How Gatun Technologies Can Help

With the deadline to integrate the changes your organization needs to meet the standards of the GDPR, any business that sells products and services in European Union member nations has to begin to shift their priorities to ensure they are compliant with the new mandates. The best course of action is to read through the law here, and then call Gatun Technologies at (844) 567-2540 to see how our technology professionals can help you structure your network and data security policies to adhere to even the most stringent security mandates.

Years experience

0+

Years experience
Certified experts

0

Certified experts
End user satisfaction

0%

End user satisfaction
Global reach

0countries

Global reach
Service desk

024/7

Service desk

Our Managed IT services will help you succeed. Let’s get started

Solutions

Comprehensive IT services include

  • router-1807_67aa302b-3a94-46a7-aa3d-66b8928a87d7

    Network

    Cloud services are network dependent, which is why NanoSoft network management and monitoring services have become critical to IT.

  • telephone-operator-4682_c9489618-836b-47ec-8489-e15f613cb10c

    Service desk

    NanoSoft 24/7 support is about maximising service efficiency, resolving problems and driving continuous service improvement.

  • computer-network-1878_39828809-88f9-48e1-9a76-61c99401ec99

    Infrastructure

    NanoSoft ensures your IT infrastructure is always optimised to support the stable and highly available services organisations demand.

  • settings-server-1872_2e41baf2-8789-4215-b430-db35c3899936

    Endpoint management

    Client and server endpoints are managed as one estate, ensuring security and stability while maximising uptime and employee productivity.

  • source-code-1754_2b435bd8-ce76-4910-8137-7d07a3557fa3

    Applications

    NanoSoft supports Software as well as on-premise deployments, ensuring applications are always optimised for the best possible user experience.

  • add-image-5030_dcf585b8-8f3d-48ad-8579-a4ad56d14ba6

    Managed services plus

    NanoSoft provides advanced management tools to clients who want to take their IT Service Management to a higher level.

Benefits

Our services provide a unique range of benefits

  • Control IT Costs

    You can scale your IT Costs according to your requirements and only pay for what you need. Whether that be increasing or decreasing staff, or IT project work.

  • Trusted IT advisor

    Through regular account management meetings your Managed IT service company will be able to oversee your overall IT roadmap and become your trusted advisor.

  • Economy of scale

    As your business grows, its support structure needs to grow, too. When you use a managed IT service you can scale your business up or down with nothing more than a simple discussion.

  • Increased efficiency

    You’ll have your IT needs outsourced to a team of IT experts, and during times where you need additional project support, your managed IT provider supplies the extra staff.

  • Small initial investment

    Managed IT services help you offset the initial investment of technology costs. Rather than spending thousands of dollars on hardware and software upfront.

Stop wasting time and money on technology. Let’s get started

NanoSoft are always accommodating our diverse needs and we feel like they are a part of our company rather than an external supplier.
John H. Bedard, Jr
Pricing and Plan

1 monthly fee for all IT services. No costly surprises