compliance
FedRAMP Compliance: What You Need to Know?
FedRAMP is a U.S. government-wide program that delivers a standard approach to the security assessment, authorization, and continuous monitoring of cloud products and services.
GDPR - New Frontiers in Regulating Data Protection and Privacy Standards
Request ConsultationIn recent years, the world has become even more data-driven. We have seen the explosive demand for data which ushered in the creation of unprecedented volume, velocity and variety. This shift has also resulted in additional risks, with wider impact and costlier consequences, such as:
- Uber confirmed that the recent hack affected 57 million customers and drivers worldwide;
- Yahoo disclosed that over 3 billion of its email users were likely compromised over the last four years;
- Equifax, a consumer credit reporting agency, experienced the theft of over 140 million consumers records[1].
These and similar incidents highlight that no company, regardless of its type, location or size, is immune to cyberattacks or data leakages. The Cost of Data Breach Study supports this perspective, as 1 in 4 company will likely experience a security breach[2]. Increased attention to the protection and privacy of data should therefore be a priority for organizations.
Considering the current landscape, it is hardly surprising that the theft of information remains the most expensive consequence of a cybercrime, as reported by the 2017 Cost of Cybercrime Study[3]. The study further states that for industries such as financial services, and utilities and energy, the average cost of cybercrime amounts to over $17 million. Global reports continue to reveal numerous breaches and leaks that underscore that the application of baseline standards for the protection and privacy of data is an absolute necessity.
The adoption of sound data protection and privacy practices, processes and technologies will help an organization to:
- Safeguard customer data, trade secrets and other sensitive data;
- Minimize risk exposure;
- Minimize the costs associated with responding to a breach;
- Reduce or eliminate any payment of penalties associated with a breach; and
- Meet regulatory requirements.
The European Union (EU), in a bid to protect all its citizens from privacy and data breaches,implemented the General Data Protection Regulation (GDPR)that will come into force on May 25, 2018. The provisions of the GDPR apply to organizations located in the EU and to organizations located outside of the EU, if these organizations:
- Offer goods or services to EU data subjects; or
- Monitor the behavior of EU data subjects.
This means that the GDPR touches and concerns many organizations worldwide. Consequently, organizations operating (physically or remotely) in several countries such as financial services, pharmaceutical and health services, education services, telecommunication services, and consulting services may be impacted.
Some of the crucial changes under the GDPR[4] are shown in Table 1.
Table 1: Key Changes under GDPR| Key Changes | Summary |
| Increased Territorial Scope | GDPR's application extends beyond organizations in the EU. |
| Consent | Consent requests must be clear and intelligible, and distinguishable from other matters. The right to withdraw consent must be also clear |
| Rights of Data Subjects | Provides for extended rights such as: Timely mandatory breach notification Right to access to information on the nature and form of personal data being processed Right to be forgotten |
| Penalties | An organization in breach may be fined up to 4% of annual global turnover or 20 million |
These and other changes will likely impact an organization strategies, policies, processes, procedures, and the use of technologies. The Data Protection Impact Assessment (DPIA) is one integral step for many organizations in determining their preparedness to meet the new regulatory requirements.
Wilson Consulting Group knowledgeable and experienced team will work with you to ensure that your organization is prepared for GDPR.Our GDPR Compliance Services helps your organization to:
- Identify potential gaps and vulnerabilities in your business;
- Assess and refine your organization incident response policies, processes and practices;
- Developsecured solutions to manage the processed data throughout its lifecycle; and
- Conductprivacy impact assessment (PIA).
Undertaking these activities will help to ensure your organization readiness for GDPR and improve privacy and security practices in your organizations.
[1]31 of the most infamous data breaches, https://www.techworld.com/security/uks-most-infamous-data-breaches-3604586/
[2]2017 Ponemon Cost of Data Breach Study
[3]2017 Accenture Cost of Cybercrime Study
[4] The EU General Data Protection Regulation (GDPR), www.eudgpr.org
Keep Reading
Related Articles
compliance
What NIST 800-53 Revision 5 Means to Cybersecurity?
NIST Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, represents a multi-year effort to develop the next generation of security and privacy controls needed to strengthen and support .
compliance
Global Privacy Laws and Data Protection Regulations
The protection of employee and consumer data has become a priority for companies and organizations, especially with the ever-increasing potential for liability due to the use of new technologies. The collection and management of data require a broad range of legal compliance activities. It is essential to prioritize and protect sensitive, confidential, and proprietary information. Data breaches or losses can have a substantial adverse effect on a company’s financials and reputation. This article discusses several privacy laws expected to guide organizations in the protection of their information assets, and the privacy rights of individuals, through compliance.