Five Steps To Keeping Your Cloud GDPR Compliant

 
The GDPR gives the balance of power concerning personal data to the individual rather than companies collecting it. That could be painful.
 
If your company uses cloud technology for anything that involves outside users, there’s a high probability that the GDPR will affect it. Here are five key tips to ensuring your company is in compliance.
 
1. Know the physical location of your cloud app providers that are involved with data collection, analytics or storage. If any of these apps are being hosted in an EU country, you’re already qualified for GDPR compliance.
2. Enact a new data agreement with your existing cloud apps concerning personal data. Make sure that every app you do business with is able and willing to change its agreement with you that it will adhere to all GDPR regulations. If these apps refuse to upgrade their terms of service with you, it’s time to find a new provider.
3. Ensure that you and the apps you use are only collecting ‘necessary’ data. For instance, if you are only collecting IP addresses on your website to see where visitors are coming from, there’s no need to ask them to fill out a survey recording their names, addresses and personal identification numbers.
4. Ensure that your apps are only collecting data for a specific purpose and not using it for anything else. How many times have you filled out a form on a website and started getting four new spam emails every day on related products? That will be illegal under the new GDPR law unless each app specifically says so in its data processing agreement and the individual agrees to it. Otherwise, sharing or selling data belonging to EU citizens to third parties is out the window. 
5. Make sure data used in an app can be erased as soon as your contract with that app ends. No app should be hanging on to your data ‘just because’ once your contract ends. Similarly, you shouldn’t have data laying around that’s not being used, because the risk of it being hacked grows every day that it’s just sitting on your server. Hacks, breaches and plain old accidental exposures happen every day. Limit the amount of data to only what you absolutely need to make your business work. 
 
The adoption of the GDPR standards is likely to be a painful one for many companies. Multiple surveys taken over the past year have proven that a majority of firms are not ready for the change and don’t have the proper tools in place to get there. 
While the powers that be might give some leeway as companies make the transition, getting there first can have a major impact on the future strength of your company.
 
On May 25, 2018, one of the most wide-ranging pieces of Internet legislation will go into effect when the EU’s General Data Protection Regulation becomes law.
 
This broad data protection plan has high stakes for an overwhelming number of businesses around the globe. It is a powerful voice for the rights of people’s online identity and a realisation of how valuable personal data is.
 
The GDPR gives the balance of power concerning personal data to the individual rather than companies collecting it, and extends that data to include things like SIM card IDs, website cookies and IP addresses. 
 
Individuals will have the right to challenge how companies build up profiles about them and will need to give consent before companies are able to get data and use it in certain ways. Individuals also have the right to challenge a business’s right to store their data. If the business cannot show a real reason to hold on to the data, the individual can request that it is deleted. 
 
Businesses failing to notify authorities of a breach can be fined up to €10 million ($12.3 million) or 2 percent of the company’s profit. Intentional or negligent violations can see a fine up to €20 million ($24.6 million) or 4 percent of the company’s profit.
What Kind of Businesses Are Affected by the GDPR?
 
• Any company that falls under the following criteria will need to be in compliance with the GDPR come May 25.
• Companies that sell goods/services to EU citizens.
• Companies that employ EU residents.
• Companies that operate websites that use cookies or other means to monitor people and traffic from the EU.
• Companies that collect any data about EU citizens.
• Companies using cloud technology that uses apps, data centers or servers located in the EU.
 
This is a huge population of organisations. If your website captures visitors’ IP addresses and you have five a year from European countries, you qualify. If someone from Holland buys one item from your online store on January 1, you’re still liable to be GDPR for the other 364 days of the year.
 
Information Management
 
You Might Also Read:
 
GDPR – Two Thirds of Organisations Aren’t Ready:
 
Delve Into GDPR - Questions & Answers:
 
 
« LinkedIn Updates Policies For GDPR
Learning About Russian Hackers »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Shadowserver Foundation

Shadowserver Foundation

Shadowserver Foundation aims to improve internet security by raising awareness of compromised servers, malicious attackers and the spread of malware.

Entrust

Entrust

Entrust is a global leader in digital security, identities, payments, and data protection.

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

Synectics Solutions

Synectics Solutions

Synectics deliver solutions for reducing risk, combating financial crime, and enabling organisations to meet their compliance and regulatory commitments.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

Sierra Ventures

Sierra Ventures

Sierra Ventures is an early-stage venture firm investing globally with a focus on Next Generation Enterprise and Emerging Technologies.

K2 Cyber Security

K2 Cyber Security

K2 Cyber Security delivers the Next Generation Application Workload Protection Platform to secure web applications and container workloads against sophisticated attacks.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

VariQ

VariQ

VariQ is a premier provider of Cybersecurity, Software Development and Cloud services to federal, state, and local government.

Vulcan Cyber

Vulcan Cyber

At Vulcan, we’re modernizing the way enterprises reduce their cyber risk. From detection to resolution, we automate and orchestrate the vulnerability remediation process dynamically and at scale.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

Open Source Security Foundation (OpenSSF)

Open Source Security Foundation (OpenSSF)

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.

Leostream

Leostream

Leostream's Remote Desktop Access Platform enables seamless work-from-anywhere flexibility while maintaining security and constant visibility of users.

Digital Encode

Digital Encode

Digital Encode is a leading consulting and integration firm that specializes in the design, management, and security of business-critical networks, telecommunications, and IT infrastructures.