General Data Protection Regulation

It’s been a while now since the introduction of the GDPR. What have you noticed so far? Have you also received a load of e-mails asking you to agree to the new conditions? Despite the fact that the government is enforcing the General Data Protection Regulation (GDPR) Act as of 25 May, I think that many companies and organisations are not yet GDPR compliant.

The GDPR focuses on the protection of all kinds of personal data. Organisations must comply with aspects such as transparency, purpose limitation, accuracy of data and integrity. The GDPR gives the registered person more rights, such as the rights of inspection, correction and portability.

Many of the points listed in the GDPR can be managed with procedures. In addition to procedural measures, an organisation will also need to have technical measures in place to comply with GDPR legislation. The technical measures can usually be implemented with standard ICT security components.

As Conscia Group, we cannot ensure that your organisation is or will be GDPR compliant, but we can provide the technology to help your organisation achieve compliance. In addition to the technical measures, we can also provide the manpower to set up and maintain these technical measures.

In this sense, I could imagine the following solutions:

  • Data Loss Prevention by means of the following technologies:
    • Email Security (Mail-Relay);
    • Web proxy;
    • Next-Gen Firewall;
    • Cloud Access Security Broker (CASB);
  • Advanced Malware Protection;
  • Strong or multi-factor authentication and role-based access;
  • Web Application Firewall (WAF).

Summary

To implement GDPR measures, you can use existing ICT technology to realise protection and control measures. With the above listed technologies, you already have a number of measures in place that help you become GDPR compliant.

In addition to the technical measures, you will also need procedural measures to be able to comply with legislation.
Draw up a step-by-step plan to implement the measures to comply with the GDPR, both in terms of procedures and ICT measures. This gives the organisation the focus it needs to set up the measures effectively.

This is a summary of a more detailed description of the GDPR. This description can be found by clicking on this link.