SPEED UP YOUR GDPR COMPLIANCE
Discover BigMIND features to help you prepare and comply with General Data Protection Regulation (GDPR) requirements.
GDPR FOCAL POINTS
Data Subject Rights:
An individual has the right to request deletion or removal of personal data when there is no compelling reason for its continued retention.
Privacy Standards & Designs:
Responsibility for the integration & processing of personal data falls on organizations, which must also be able to demonstrate their compliance with GDPR.
Detect, respond to & report breaches:
Taking proactive measures to help predict, detect & report any breaches within 72 hours.
Personal Data Duration:
Personal data should be kept only for the defined duration & purpose for which it was processed.
Continuous audit for Data governance:
Internal data governance must be continuously audited, & anomalous activity must be transparently reported.
QUICK INFORMATION & HIGHLIGHTS ON GDPR
You have already started your GDPR compliance journey, identified the personal data your business holds, and identified the gaps in your data protection risk management.
It is essential to ensure your cloud backup & storage solutions are GDPR compliant. Let's start with four main processes to outline & map your journey and to identify the gaps & challenges ahead of you.
What is Personal Data?
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Examples of Personal Data:
- Cookie
- Name
- Address
- Biometric element (facial recognition, fingerprint) used for identity verification
- A person's location
- Occupation
- Gender
- Physical factor
- Medical information
- Bank details
- IP address
- Cultural identity
- Metadata
- Device IMEI numbers
- SIM card IDs
- Phone Number
- Photo
- Social Network Posts
You have completed the initial setup for data management to cover the following:
- Obtain consent from data subjects to process their data
- Provide data subjects with privacy notices that describe how their data is used
- Ability to comply with data subject requests to discontinue processing of personal data
- Established an easily accessible way for data subjects to communicate with the organization on privacy matters
- Ability to correct inaccuracies or complete partial instances of data subject personal data when requested
- Established a mechanism to locate and erase personal data on request
- Established a mechanism to provide data subjects with a copy of their personal data, including in electronic form
- Set up policies and procedures to restrict processing of data if required.
The next step is to:
- Assign a Data Protection Officer (DPO)
- Identify risks and develop your organization's structure, processes, products & technology with data protection and privacy as a focus.
- Create and maintain a risk management program for data privacy.
- Invest in technologies to encrypt the identified personal data.
- Assess whether your organization is proactively taking measures to avoid breaches, and test the current security measures.
What is Data Governance?
Data governance (DG) is the management of data availability, usability, integrity and security within an enterprise. A sound data governance program should cover the enterprise's ability to set defined procedures and the plans to enforce those procedures.
Does your organization have data governance for its cloud backup solution?
- Data should be protected against accidental or unlawful destruction, loss, alteration and disclosure.
- Must take proactive measures to enhance data security.
- Must design the internal data processing procedure and continuously assess its security.
- Is the organization planning how to develop its technology, products, processes and organizational structure with data protection and privacy as key components, and is it aware of the gaps for doing so?
- Is the organization aware of technologies to encrypt personal data and has it encrypted some personal data such as government identification numbers, birthdates, or banking numbers?
- Does the organization have an ongoing effort to identify the people, process and technology controls needed to protect the confidentiality, integrity, and availability (CIA) of personal data?
- Is the organization aware of the potential impacts from breaches of personal data and does it have a response plan in place?
- Does the organization perform testing of its security measures, whether through technical means, social engineering, or tabletop exercises?
- Does the organization maintain records of processing activities with some additional information regarding the purpose or scope of the activities?
- Does the organization have documentation of ongoing personal data transfers into and out of the EU?
- Does the organization maintain an inventory of processes that transmit personal data to third-party service providers?
- Can the organization determine risks associated with personal data processing?
- eDiscovery enables the data controller to investigate data breaches more efficiently.
The selection of a cloud backup service provider is critical to your compliance journey. If your cloud suppliers are not compliant with the GDPR, then neither are you.