What is GDPR? Are you ready?
The EU’s General Data Protection Regulation aims to extend data protection to the era of big data and cloud computing, ensuring that data protection is a fundamental right that will be regulated consistently throughout Europe. Any company that serves European customers and collects their data should comply with this regulation, even if it is based in a non-European country. The regulation will be implemented in May 2018.
The new regulation empowers the European Data Protection Authorities to impose fines of up to 4% of an organization's annual worldwide turnover for serious infringements, or EUR 20 million, whichever is the greater. The size of the fines that can be imposed means that data confidentiality will now be an issue discussed at board level, as non-compliance with the GDPR will present a significant financial and business risk.
Any organization handling personal data of individuals within the EU will be required to reconsider its personal data management procedures.
What is Personal Data?
It is therefore easy to see that the Rules apply to everyone.
In any case, the express and specific consent of natural persons to the processing of their personal data is required. The reason for keeping the data and the length of time it will be kept should be clearly stated. The individual retains in each case the right to revoke that consent.
For minors in particular, consent is required from the parent.
There is also a special category of sensitive data. This includes information on racial / ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, medical records, donors and recipients of human tissues and organs, medical research data, clinical trial protocols, etc.
The collection of such sensitive data is prohibited without the consent of the individual. In any case, only those data that are necessary and only for the purpose stated by the patient’s consent should be stored and processed.
The responsibility for collecting and processing data is borne by the Agency itself and by third parties (suppliers, insurers, external laboratories, external partners, etc.). A violation by one is treated the same as a violation by the other.
Computer Link, as part of its GDPR IT Compliance offering, provides you with trusted advisory services to define the right countermeasures to protect your business's personal data during storage, transfer and processing.
Computer Link's Solution
Security Audit examines the architecture of the network and all of its components in order to detail the level of security in each of them. It also reviews the processes being followed, as these too may be points where information is lost or falsified.
With Security Audit, each element and process of your information network is compared against the corresponding generally accepted practices and evaluated for compliance with them.
As security needs are not the same for all businesses, Security Audit categorizes security requirements so that you can choose the level of protection your organization is targeting.
The audit is completed by recording possible problems, categorizing them according to their severity, analyzing the risks of each finding and finally proposing corrections and improvements so that the organization achieves the desired level of security. Security Audit is specifically designed to:
- Recognize the weaknesses and problems of your network.
- Categorize any problems by importance, as well as by the ease or cost of remediation.
- Provide recommendations for risk reduction according to compliance regulations and best practices.
- Help your business define and adopt periodic controls to maintain the desired level of data security over time.
With our Penetration Test, information about the network architecture is gathered through actions taken both from outside and from inside your network, in order to identify vulnerabilities that could be exploited by malicious third parties as well as by individuals within the business.
Once the checks are complete, Computer Link’s qualified staff guides you through the actions required to achieve the level of security your business is aiming for, taking into account the cost of the investments required for that purpose.