The European Commission has been debating a subject that affects everyone who uses information systems and digital businesses and expects privacy: data protection legislation.
It is essential to ensure that Europe is fit for the digital age, providing data protection and privacy regardless of where data is processed.
From this process, the General Data Privacy Regulation (GDPR) was born. The primary objective of the GDPR is to give citizens back control of their personal data. Once the GDPR takes effect (the compliance deadline was set for May 2018), it will harmonize the data protection regulations already in force throughout the EU.
To address the GDPR compliance requirements, organizations must employ at least one encryption method together with strong key management, to ensure the protection of the encrypted data. Organizations will also need a way to verify the legitimacy of user identities and transactions, and to prove compliance. It is critical that the security controls in place be demonstrable and auditable.
According to the GDPR, organizations must:
- Only process data for authorized purposes;
- Ensure data accuracy and integrity;
- Minimize subjects’ identity exposure;
- Implement data security measures.
To preserve subjects’ privacy, organizations must implement:
- Data protection by design and by default;
- Security as a contractual requirement with their partners and service providers;
- Security measures that respond to their risk assessment;
- Safeguards if they are to keep data for additional processing.
Here at Quidgest, we make sure that all of our clients' data is protected and kept private, using every means necessary to that end.
Rui Val de Ovelha
International Business Consultant @ Quidgest