GDPR - The Bunker Secure Hosting

General Data Protection Regulation (GDPR) Infographic

The General Data Protection Regulation (GDPR) is the biggest shake-up to privacy regulation in 20 years.

What is GDPR?

GDPR is a set of rules and regulations designed to strengthen and unify data protection for individuals within the EU, enabling people to better control their personal data.

GDPR will give EU citizens:

• Easier access to their personal data
• The right to data portability
• The right to “be forgotten”
• The right to know about data breaches

New principles under the GDPR:

• Lawfulness, fairness and transparency: personal data must be processed lawfully, fairly and in a transparent manner
• Purpose limitation: personal data must only be collected for specified, explicit and legitimate purposes
• Data minimisation: personal data must be adequate, relevant and limited to only what is necessary
• Accuracy: personal data must be accurate and, where necessary, kept up to date
• Storage limitation: personal data must be kept in a format that permits identification of data subjects for no longer than necessary
• Integrity and confidentiality: personal data must be processed in a manner that ensures appropriate security of the data
• Accountability: the data controller shall be responsible for, and able to demonstrate compliance with, these principles


Rapid Growth of Global Data

• Over one-third of data will live in or pass through the cloud
• Experts estimate a 4,300% increase in annual data generation by 2020
• 80% of all data is stored by enterprises

Increase in Frequency, Size and Scale of Data Breaches

Cyber criminals compromised more than a billion data records in 2014 in more than 1,500 security breaches, equating to 32 records lost or stolen every second.

This is a 49% increase in data breaches and a 78% increase in the number of records lost or stolen compared to 2013.

In 2005, 157 data breaches were reported in the U.S. In 2014, 783 data breaches were reported, an increase of almost 500%. Despite this, only 28% of security breaches were disclosed last year.

How Will GDPR Affect EU Organisations?

Any EU organisation that collects and stores personally identifiable information (PII) will be subject to the rules and regulations set out in the GDPR. The GDPR applies to any entity managing EU citizens’ data, irrespective of its location. European countries have two years to comply, by 25th May 2018.

Data breaches must be reported within 72 hours of the breach occurring. Data breaches that must be reported include:

• Confidentiality breaches: unauthorised access to, or disclosure of, personal data
• Integrity breaches: the unauthorised alteration of personal data
• Availability breaches: the accidental or unlawful destruction or loss of personal data

All organisations need to implement a wide range of measures, including privacy impact assessments (PIAs), audits, policy reviews and activity records.

What Will Happen to Organisations that Fail to Comply?

Administrative Fines

• Data breaches: up to €10m or 2% of global turnover, whichever is greater
• Non-compliance: up to €20m or 4% of global turnover, whichever is greater

Is Your Company Ready for GDPR?

90% of Europeans want the same data protection rights across the EU. A