Five Steps To Keeping Your Cloud GDPR Compliant

 
The GDPR gives the balance of power concerning personal data to the individual rather than companies collecting it. That could be painful.
 
If your company uses cloud technology for anything that involves outside users, there’s a high probability that the GDPR will affect it. Here are five key tips to ensuring your company is in compliance.
 
1. Know the physical location of your cloud app providers that are involved with data collection, analytics or storage. If any of these apps are being hosted in an EU country, you’re already qualified for GDPR compliance.
2. Enact a new data agreement with your existing cloud apps concerning personal data. Make sure that every app you do business with is able and willing to change its agreement with you that it will adhere to all GDPR regulations. If these apps refuse to upgrade their terms of service with you, it’s time to find a new provider.
3. Ensure that you and the apps you use are only collecting ‘necessary’ data. For instance, if you are only collecting IP addresses on your website to see where visitors are coming from, there’s no need to ask them to fill out a survey recording their names, addresses and personal identification numbers.
4. Ensure that your apps are only collecting data for a specific purpose and not using it for anything else. How many times have you filled out a form on a website and started getting four new spam emails every day on related products? That will be illegal under the new GDPR law unless each app specifically says so in its data processing agreement and the individual agrees to it. Otherwise, sharing or selling data belonging to EU citizens to third parties is out the window. 
5. Make sure data used in an app can be erased as soon as your contract with that app ends. No app should be hanging on to your data ‘just because’ once your contract ends. Similarly, you shouldn’t have data laying around that’s not being used, because the risk of it being hacked grows every day that it’s just sitting on your server. Hacks, breaches and plain old accidental exposures happen every day. Limit the amount of data to only what you absolutely need to make your business work. 
 
The adoption of the GDPR standards is likely to be a painful one for many companies. Multiple surveys taken over the past year have proven that a majority of firms are not ready for the change and don’t have the proper tools in place to get there. 
While the powers that be might give some leeway as companies make the transition, getting there first can have a major impact on the future strength of your company.
 
On May 25, 2018, one of the most wide-ranging pieces of Internet legislation will go into effect when the EU’s General Data Protection Regulation becomes law.
 
This broad data protection plan has high stakes for an overwhelming number of businesses around the globe. It is a powerful voice for the rights of people’s online identity and a realisation of how valuable personal data is.
 
The GDPR gives the balance of power concerning personal data to the individual rather than companies collecting it, and extends that data to include things like SIM card IDs, website cookies and IP addresses. 
 
Individuals will have the right to challenge how companies build up profiles about them and will need to give consent before companies are able to get data and use it in certain ways. Individuals also have the right to challenge a business’s right to store their data. If the business cannot show a real reason to hold on to the data, the individual can request that it is deleted. 
 
Businesses failing to notify authorities of a breach can be fined up to €10 million ($12.3 million) or 2 percent of the company’s profit. Intentional or negligent violations can see a fine up to €20 million ($24.6 million) or 4 percent of the company’s profit.
What Kind of Businesses Are Affected by the GDPR?
 
• Any company that falls under the following criteria will need to be in compliance with the GDPR come May 25.
• Companies that sell goods/services to EU citizens.
• Companies that employ EU residents.
• Companies that operate websites that use cookies or other means to monitor people and traffic from the EU.
• Companies that collect any data about EU citizens.
• Companies using cloud technology that uses apps, data centers or servers located in the EU.
 
This is a huge population of organisations. If your website captures visitors’ IP addresses and you have five a year from European countries, you qualify. If someone from Holland buys one item from your online store on January 1, you’re still liable to be GDPR for the other 364 days of the year.
 
Information Management
 
You Might Also Read:
 
GDPR – Two Thirds of Organisations Aren’t Ready:
 
Delve Into GDPR - Questions & Answers:
 
 
« LinkedIn Updates Policies For GDPR
Learning About Russian Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

Nation-E

Nation-E

Nation-E offers innovative cyber security solutions for industrial installations, critical infrastructure and smart grids.

National Cyber Security Centre (NCSC) - Switzerland

National Cyber Security Centre (NCSC) - Switzerland

The National Cyber Security Centre is Swizerland's competence centre for cybersecurity and the first contact point for businesses, public administrations, and the public for cyber issues.

Shinobi Cyber

Shinobi Cyber

Shinobi Defense System is an integrated security system that absolutely secures information with smart, automatic encryption and protects your endpoints by stopping any unauthorized actions.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

Method Cyber Security

Method Cyber Security

Method offers a Cyber Security Risk Management training course for those responsible for the security of industrial automation, control and safety systems.

Heidrick & Struggles International

Heidrick & Struggles International

Heidrick & Struggles is a premier provider of leadership consulting and senior-level executive search services for roles including Information & Technology Officers and Cybersecurity.

MISP Project

MISP Project

The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators.

Quantum Security

Quantum Security

Quantum's game-changing approach to cybersecurity brings you performance and peace-of-mind, with a raft of additional benefits: it's non-proprietary, comprehensive, scalable, and affordable.

IT-Seal

IT-Seal

IT-Seal GmbH specializes in sustainable security culture and awareness training.

FourNet

FourNet

FourNet is an award-winning provider of cloud and managed services; we work closely with our clients to enable digital transformation across their organisation.

SolidRun

SolidRun

SolidRun is a leading provider of computing and network technology designed to streamline the deployment of edge computing infrastructure and support embedded and IoT markets.

Intelligent CloudCare

Intelligent CloudCare

Intelligent CloudCare, a division of IPS, is a full IT Services provider serving the needs of SMBs in the metropolitan New York City region.

Qeros

Qeros

Qeros is a next-generation distributed system enables secure data and transaction processing at the velocity of thought.

Threat Con

Threat Con

Threat Con is a one of its kind event in Nepal, a series of annual international security conventions similar to the famous Black Hat and DEF CON conferences.