GDPR - The Bunker Secure Hosting

General Data Protection Regulation (GDPR) Infographic

The General Data Protection Regulation (GDPR) is the biggest shake-up to privacy regulation in 20 years.

What is GDPR?

GDPR is a set of rules and regulations designed to strengthen and unify data protection for individuals within the EU, enabling people to better control their personal data.

GDPR will give EU citizens:

• Easier access to their personal data
• The right to data portability
• The right to “be forgotten”
• The right to know about data breaches

New principles under the GDPR:

• Lawfulness, fairness and transparency: personal data must be processed lawfully, fairly and in a transparent manner
• Purpose limitation: personal data must only be collected for specified, explicit and legitimate purposes
• Data minimisation: personal data must be adequate, relevant and limited to only what is necessary
• Accuracy: personal data must be accurate and, where necessary, kept up-to-date
• Storage limitation: personal data must be kept in a format that permits identification of data subjects for no longer than necessary
• Integrity and confidentiality: personal data must be processed in a manner that ensures appropriate security of the data
• Accountability: the data controller shall be responsible for, and able to demonstrate compliance with, these principles


Rapid Growth of Global Data

• Over one-third of data will live in or pass through the cloud
• Experts estimate a 4,300% increase in annual data generation by
• of all data is stored by enterprises

Increase in Frequency, Size and Scale of Data Breaches

Cyber criminals compromised more than a billion data records in 2014 in more than 1,500 security breaches, equating to 32 records lost or stolen every second.

This is a 49% increase in data breaches and a 78% increase in the number of records lost or stolen compared to 2013.

In 2005, 157 data breaches were reported in the U.S. In 2014, 783 data breaches were reported – an increase of almost 500%. Despite this, only 28% of security breaches were disclosed last year.

How Will GDPR Affect EU Organisations?

Any EU organisation that collects and stores personally identifiable information (PII) will be subject to the rules and regulations set out in the GDPR. The GDPR applies to any entity managing EU citizens’ data, irrespective of its location.

European countries have two years to comply, by 25th May 2018.

Data breaches must be reported within 72 hours of the breach occurring. Data breaches that must be reported include:

• Confidentiality breaches: unauthorised access to, or disclosure of, personal data
• Integrity breaches: the unauthorised alteration of personal data
• Availability breaches: the accidental or unlawful destruction or loss of personal data

All organisations need to implement a wide range of measures, including privacy impact assessments (PIAs), audits, policy reviews and activity records.

What Will Happen to Organisations that Fail to Comply?

• Administrative fines: up to €10m or 2% of global turnover, whichever is greater
• Data breaches: up to €20m or 4% of global turnover, whichever is greater

Is Your Company Ready for GDPR?

90% of Europeans want the same data protection rights across the EU. A