The European Union General Data Protection Regulation (GDPR) entered into force for fines in May 2018.
Various domestic and international laws provide guidance on appropriate safeguards for properly protecting personally identifiable information (PII).
For GDPR, accountability is a cornerstone. “A business is responsible for complying with all data protection principles and is also responsible for demonstrating compliance.” And while GDPR is applicable to international organizations, it’s clear that privacy is coming to all states within in the US as well. The state constitution of California gave each citizen an “inalienable right” to pursue and obtain “privacy,” now known as the California Consumer Privacy Act of 2018. Others are soon to follow.
To respond to these changes effectively, organizations need to assess their current position and how ready they are to meet the new privacy regulations. Given the complexities and lack of information about where and how data is held, this may not be straightforward. A privacy assessment will allow organizations to be clear about the action they need to take when it comes to governance, processes, organizational structures, and technical requirements.
Krypton Security will review data privacy, including any improvements that must be made within your business, along four (4) different aspects:
• Processes and Systems
• Information and Access Rights
Compliance with regulations is not only a requirement, but potentially a competitive advantage, and the right thing to do for your consumers, customers and employees.