The GDPR and the new data protection technologies

GDPR: What is it? And how do you prepare for the entry into force of the European Data Protection Regulation?

 

The GDPR (General Data Protection Regulation) is a new European regulation. It will apply as of May 2018 to any company that collects, processes and stores personal data whose use can directly or indirectly identify a person. It is based on the fundamental right of every citizen to protect their private life and personal data.

The goal of the GDPR is to address the new realities of the market, in particular data protection in relation to social networks and cloud computing. The notions of secure file transfer and the right to be forgotten are an integral part of the GDPR.

Who is concerned by the GDPR?

(General Data Protection Regulation)

The GDPR applies to all economic actors: companies, administrations, associations, local authorities, corporate unions … When we talk about personal data, we implicitly include the information of employees, customers, partners and others on various media including computers, phones, servers, or even in exchanges of emails, in logs, and in the cookies left by visitors of the company’s website!

With less than a few months to go before the regulation enters into force, many companies are completely unprepared.

According to a Veritas study, more than 54% of companies have not been able to prepare processes or implement solutions to meet the minimum standards of the GDPR. More seriously, 56% of companies do not know what the acronym GDPR (RGPD in the French version) stands for!

GDPR and enterprises 

Be sure to respect the rules...

The new regulation imposes duties and obligations on companies. They will be required to obtain the informed consent of individuals to the collection and processing of their data. The data should be kept only as long as necessary, and access to it, and its modification, restitution and erasure, should be guaranteed at the request of the individuals concerned.

The company will also have to ensure that this data is protected at all times and in all places from the risk of loss, theft, disclosure or any other compromise. If such an event does occur, the company in question should notify the competent authority (CNIL in France) promptly (ideally within 72 hours) and inform the data subjects if there is a real risk to the protection of their privacy.

The company will need to document all the measures and procedures necessary to provide this protection at all times. It will also have to be able to prove to the competent authorities that everything is being done to meet these obligations, such as the use of DLP solutions or solutions for combating cybercrime, such as i-Guard.

 

In the event of non-compliance with the obligations imposed by this regulation, companies will be subject to penalties of up to 4% of the annual global turnover or 20 million euros. The company must also compensate any person physically or morally injured by non-compliant processing of their data.

The company must therefore be able to detect whether its integrity has been compromised and remedy it promptly, while recording and notifying the event. Hence the use of a solution based on artificial intelligence, which accelerates and improves the processing of data flows on each endpoint.

Beyond the relatively administrative handling of the subject, these obligations require the company to adopt cyber security rules and to be protected at every level that handles private data. This means all endpoints, that is to say, integrating effective computer security at the heart of its data processing to prevent any attack.

GDPR: what should companies do to ensure that they are in compliance with the GDPR?

Several measures can be taken to ensure the conformity of a company's IT structure. Contracts with all IT providers, including cloud service providers, need to be reviewed. It must be ensured that a request for consent is made for each piece of information collected, and finally it is necessary to know precisely where the data is stored.

Once the processes are in order, the company can apply for a European certificate, valid for 5 years, attesting to its conformity with the GDPR.

GDPR: responsibility for applying the regulation within the company

There is uncertainty about who is responsible for enforcement. According to the AvePoint and CIPL reports, the GDPR and data privacy are closely linked to the company’s strategy for data protection, analysis of large amounts of data, and innovations in data protection and data management. This is why GDPR compliance should be the result of concerted efforts by the entire organization. The Director of Data Management (CDO) must work hand in hand with the IOC and the CIO and other senior managers. “The board of directors must have an understanding of the application of GDPR and take part in appropriate changes,” says Mark Thomson, a consultant at the consulting firm KPMG, “will lead to additional funding to strengthen protection and Privacy Policy.”

Charles BIENFAIT, head of the GDPR division at SG Consulting, confirms that “some players have already anticipated these impacts, particularly in the sectors most affected by large volumes of data (banking, insurance, telecom). to accompany the transformation.”, which implies involving consulting professionals who know the cyber security market and are able to recommend the right remediations to their customers.

Why is artificial intelligence GDPR compliant?

Aiming for quality and results

i-Guard’s Artificial Intelligence allows you to address several GDPR issues:

  • Securing endpoints: malware whose function is to steal or hack data cannot be installed, so your risk is cut by installing i-Guard on all the machines on your network.
  • Securing the USB ports: i-Guard forbids access to USB ports by backup media (USB stick, external hard drive, etc.), so leaking data by copy and paste will be impossible, whether on local workstations, servers or mobile workstations.