The GDPR countdown to tougher European privacy legislation has started, with the new General Data Protection Regulations laws coming into force on 25 May 2018.
EU GDPR data privacy will force companies to introduce stronger protection of the personal data of EU citizens. Significant penalties for non-compliance mean organisations will need to gain a clear understanding of what sensitive personal data they store and evaluate their processes to manage and protect it before the compliance deadline.
Personal data is any data which can be used to identify a specific individual. Any files containing unique attributes such as National Insurance Number or NHS number or a unique combination of information about individuals such as driving licences, passport records, utility bills, birth certificates, credit card or bank account details can be used to distinguish one person from another and are classed as personal data. Such information will need to be managed very carefully in every organisation in future, as the new legislation adds new requirements to protect it and individuals will gain rights to control how their information is stored.
The first step to compliance is to understand what personal data is stored (and possibly buried and lost). Our solutions reveal exactly where up to thirty five types of personal data is located within your growing fileshares, Exchange and SharePoint repositories. An evaluation of who should have access to it leads to the creation or enhancement of DLP (Data Loss Prevention) policies within a broader Information Governance strategy to protect that data.
All businesses will need to prepare to ensure compliance, so read our summary of the key points and advice how to become compliant.