May 2018 was the month of the GDPR, the regulation that replaced the Data Protection Directive (95/46/EC) with a stricter and directly applicable set of rules.
The General Data Protection Regulation (GDPR) has been widely discussed all over the world. It became applicable on 25 May 2018, and organizations that do not meet its requirements face severe fines.
To prepare for the GDPR, companies have had to revisit their security and compliance strategies and make sure they can meet the new requirements.
In our series of posts about the GDPR, we will cover who is affected by the GDPR, the most important security requirements it sets, its organizational impact, and the penalties for non-compliance.
Before that, however, let's start with the fundamental definitions used in the GDPR.
1. Personal data and data subject
The GDPR defines personal data as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
Example: The Fortune 500 company you work for stores your personal data. You are the data subject.
2. Controller
A controller is a "person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data."
Example: A manufacturing company that collects personal data about its employees is a controller.
3. Processor
A processor is a "person, public authority, agency or any other body which processes personal data on behalf of the controller."
Example: A payroll company that processes employee paychecks on behalf of the manufacturing company is a processor.
The GDPR Applies to...
Companies from outside the EU may think the GDPR does not concern them. If so, they are wrong. The regulation applies to all organizations established in the EU, and also to organizations outside the EU that offer goods or services to people in the EU or monitor their behaviour (for example, by tracking visitors to a website). What matters is where the data subjects are, not their citizenship: residents and visitors alike are covered.
To sum up, an organization in any country that processes personal data of people in the EU in this way must follow the GDPR.
It All Depends on Data
Because web traffic is global, a company may not even be aware that it handles personal data of people in the EU, for instance through sign-up forms, analytics, or server logs that record IP addresses (an online identifier under the GDPR), and that it is therefore subject to the regulation.
How does Grey Wizard protect you from data leaks?
Grey Wizard reduces the risk of data leaks by protecting your websites, web applications and the infrastructure behind them against attacks that could expose personal data.