By John Kyriazoglou
1. Description of the GDPR

The EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU).

More details at: http://eur-lex.europa.eu/eli/reg/2016/679/oj
It also addresses the export of personal data outside the EU. The Commission's primary objectives for the GDPR are to give citizens back control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

When the GDPR takes effect, it will replace Directive 95/46/EC of 1995. The regulation was adopted on 27 April 2016 and enters into force on 25 May 2018, after a two-year transition period. Unlike a directive, it does not require any enabling legislation to be passed by local (national) governments.
2. Security Measures and Controls

The GDPR requires (see articles 32 to 34 and recitals 39, 49, 52, 53, 71, 73, 75, 78, 81, 83, 85 to 88, 91 and 94) that the controller and the processor engaged in collecting, processing, storing and transferring personal data implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. It also establishes a uniform data breach notification requirement: in the event of a data breach leading to the loss, access or disclosure of personal data, both the data protection authority and the data subjects involved must be informed within defined time limits.
The following controls, methods and techniques may be used for the analysis, design, implementation, assessment and evaluation of your threat strategy and of the measures required to protect personal data and other valuable IT assets, in any type of organization.

More details at: