The General Data Protection Regulation (GDPR) is a landmark new privacy law that will enter into force on May 25th 2018.
It replaces the Data Protection Directive 95/46/EC and is designed to give greater protection and rights to EU citizens and to redefine the way organizations approach data privacy.
It regulates the processing of personal identity information which includes the collection, storage, use, and transfer of personal data about EU citizens.
Under the GDPR, the EU defines "personal data" broadly, without providing a finite list of personal data types; the law therefore covers any information relating to an identified or identifiable EU citizen:
- Personal data, such as email addresses and employee ID numbers
- Information that could be traced back to a specific person, given the right circumstances
The GDPR states that any organization that processes personally identifiable information of EU citizens needs to comply with the GDPR, regardless of where it is located or has offices.
It classifies these entities as either data controllers or data processors:
- A data controller exercises control over the processing of personal data and decides which data to collect
- A data processor acts at the direction of the data controller to collect, store, retrieve, or delete personal data
Potential fines for GDPR non-compliance are severe and amount to up to €20.000.000 or 4% of global annual turnover, whichever is greater.
Another negative impact of failing to comply with the GDPR is reputational: you risk the trust of your employees, business partners, customers, and other entities whose personal data you handle.
Organizations have to map out all personal data flows and understand what is being processed, by whom and for what purposes, within their own organization and also by the third parties they do business with.
Mesier tracks where personally identifiable information is going through its universal directory, provisioning, and application-assignment workflows. Moreover, Mesier gives you the control and assurance that your pre-defined company policies are being enforced, eliminating security loopholes within your organizational ecosystem.
Organizations have to accommodate and execute, in a timely manner, data subjects’ rights:
Mesier requires active consent from the data subject each time a new application is shared with them through the Mesier central dashboard. The dashboard gives a detailed explanation of which app is trying to gain access to which personal data and to what end it will use it. Mesier pulls this information together, makes it easily accessible to each user at any time, and enables export in a standardized format.
Companies are required to provide IT and security teams with actionable information and meet the 72-hour breach notification requirement.
Mesier provides detailed reporting, a password scoring system, and an audit log that together uncover abnormal activity in a timely manner and raise security alerts. By centralizing all data work in one place, data governance and potential audits are made easy.
Copyright 2018 © Mesier. All Rights reserved.