The General Data Protection Regulation (GDPR) will be effective on May 25th, 2018. It sets out how to manage customer identity information. Among other things, the regulation explains what businesses need to do to protect sensitive data and how to respond if they lose control over it, for example as a result of hacker attacks.
Entrepreneurs who process personal data within their business, in particular financial industry entities (banks, Internet payment operators), cloud providers, e-commerce platforms, and e-gaming, IoT, energy and transportation companies, will be required to implement measures to ensure the security of Internet services, private networks and information systems.
From May 25th, 2018, these entities will be required to report incidents, including hacker attacks, that adversely affect the security of their data to the competent authorities, and to customers if the attack threatens their personal details or privacy. Those who do not take proper care of the security of their customers' information will be subject to very severe financial penalties.
Verify that you are safeguarding your data.
Please note that from May 25th, 2018, the current technical and organizational requirements for data security will no longer apply. However, you will still be responsible for ensuring that your data is safe. Consider what technical and organizational measures you will use. Make sure they are implemented before the GDPR takes effect (May 25th, 2018).
Make sure that your organization is responding properly to data protection breaches.
Remember that from May 25th, 2018, you will be required to report data breaches to the supervisory authority and to notify the supervisor of the data breach. Adapt internal procedures so that they provide for appropriate action if violations are found. Provide for a 72-hour deadline for reporting a violation to the supervisory authority. Make sure the data processing agreements provide the processing partner with time to process.