Five Steps To Keeping Your Cloud GDPR Compliant

 
The GDPR gives the balance of power concerning personal data to the individual rather than companies collecting it. That could be painful.
 
If your company uses cloud technology for anything that involves outside users, there’s a high probability that the GDPR will affect it. Here are five key tips to ensuring your company is in compliance.
 
1. Know the physical location of your cloud app providers that are involved with data collection, analytics or storage. If any of these apps are being hosted in an EU country, you’re already qualified for GDPR compliance.
2. Enact a new data agreement with your existing cloud apps concerning personal data. Make sure that every app you do business with is able and willing to change its agreement with you that it will adhere to all GDPR regulations. If these apps refuse to upgrade their terms of service with you, it’s time to find a new provider.
3. Ensure that you and the apps you use are only collecting ‘necessary’ data. For instance, if you are only collecting IP addresses on your website to see where visitors are coming from, there’s no need to ask them to fill out a survey recording their names, addresses and personal identification numbers.
4. Ensure that your apps are only collecting data for a specific purpose and not using it for anything else. How many times have you filled out a form on a website and started getting four new spam emails every day on related products? That will be illegal under the new GDPR law unless each app specifically says so in its data processing agreement and the individual agrees to it. Otherwise, sharing or selling data belonging to EU citizens to third parties is out the window. 
5. Make sure data used in an app can be erased as soon as your contract with that app ends. No app should be hanging on to your data ‘just because’ once your contract ends. Similarly, you shouldn’t have data laying around that’s not being used, because the risk of it being hacked grows every day that it’s just sitting on your server. Hacks, breaches and plain old accidental exposures happen every day. Limit the amount of data to only what you absolutely need to make your business work. 
 
The adoption of the GDPR standards is likely to be a painful one for many companies. Multiple surveys taken over the past year have proven that a majority of firms are not ready for the change and don’t have the proper tools in place to get there. 
While the powers that be might give some leeway as companies make the transition, getting there first can have a major impact on the future strength of your company.
 
On May 25, 2018, one of the most wide-ranging pieces of Internet legislation will go into effect when the EU’s General Data Protection Regulation becomes law.
 
This broad data protection plan has high stakes for an overwhelming number of businesses around the globe. It is a powerful voice for the rights of people’s online identity and a realisation of how valuable personal data is.
 
The GDPR gives the balance of power concerning personal data to the individual rather than companies collecting it, and extends that data to include things like SIM card IDs, website cookies and IP addresses. 
 
Individuals will have the right to challenge how companies build up profiles about them and will need to give consent before companies are able to get data and use it in certain ways. Individuals also have the right to challenge a business’s right to store their data. If the business cannot show a real reason to hold on to the data, the individual can request that it is deleted. 
 
Businesses failing to notify authorities of a breach can be fined up to €10 million ($12.3 million) or 2 percent of the company’s profit. Intentional or negligent violations can see a fine up to €20 million ($24.6 million) or 4 percent of the company’s profit.
What Kind of Businesses Are Affected by the GDPR?
 
• Any company that falls under the following criteria will need to be in compliance with the GDPR come May 25.
• Companies that sell goods/services to EU citizens.
• Companies that employ EU residents.
• Companies that operate websites that use cookies or other means to monitor people and traffic from the EU.
• Companies that collect any data about EU citizens.
• Companies using cloud technology that uses apps, data centers or servers located in the EU.
 
This is a huge population of organisations. If your website captures visitors’ IP addresses and you have five a year from European countries, you qualify. If someone from Holland buys one item from your online store on January 1, you’re still liable to be GDPR for the other 364 days of the year.
 
Information Management
 
You Might Also Read:
 
GDPR – Two Thirds of Organisations Aren’t Ready:
 
Delve Into GDPR - Questions & Answers:
 
 
« LinkedIn Updates Policies For GDPR
Learning About Russian Hackers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

ePlus

ePlus

ePlus designs and delivers effective, integrated cybersecurity programs centered on culture and technology, aimed at mitigating business risk and empowering digital transformation.

Incopro

Incopro

Incopro is an online IP and brand protection software provider that arms brand owners with actionable intelligence to combat online and offline intellectual property and copyright infringements.

Stellar Cyber

Stellar Cyber

Stellar Cyber makes Open XDR, the only comprehensive security platform providing maximum protection of applications and data wherever they reside.

CybX Security LLC

CybX Security LLC

CybX is the first company of its kind to merge the practice of computer forensics with computer security and information security.

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.

Sure Valley Ventures

Sure Valley Ventures

Sure Valley Ventures is an entrepreneur led venture capital fund focused on helping software entrepreneurs grow and scale businesses that will have a global impact.

Paragon Cyber Solutions

Paragon Cyber Solutions

Paragon Cyber Solutions provides specialized security risk management and IT solutions to protect the integrity of your business operations.

Brightworks Group

Brightworks Group

BrightWorks Group offer comprehensive technology operations and security operations consulting services, tailored to meet your specific needs.

SecuCenter

SecuCenter

Secucenter is a trusted partner for SOC services, offering security expertise in a cost-effective way.