With the May 25 deadline for the EU’s General Data Protection Regulation (GDPR) fast approaching, businesses that aren’t versed in the 204-page piece of legislation may soon be in for a rude awakening – specifically once they grasp the global implications of the regulation, which will touch virtually every business in some capacity.
The GDPR builds on the European Commission’s almost 23-year-old Data Protection Directive – along with a similar piece of UK legislation, the Data Protection Act of 1988 – to not only update laws in response to the growing cybersecurity threat landscape, but to inform a new generation of best practices for data protection that can be applied across industries.
After years of debate dating back to 2012, the EU passed this contested legislation in December 2015, giving organizations more than 2 years to read up and prepare for compliance. At the core of the regulation is the assignment of specific individual rights that give citizens of the EU greater control and ownership of the personal data businesses collect. These include:
- The right to be informed – Essentially ensuring that consumer data isn’t collected without the individual being notified
- The right of access – Gives citizens previously unwarranted access to all the data that an organization collects on them
- The right to rectification – Allows users to correct misinformation that they notice in collected data as part of their “right of access”
- The right to erasure – Also known as the “right to be forgotten,” gives citizens agency to terminate a business relationship and all associated records under pressing circumstances
- The right to restrict processing – Should individuals wish to pause a business relationship rather than take the “erasure” route, they can halt personal data collection and analysis
- The right to data portability – Transfers all data ownership over to the individual, meaning businesses can’t hold certain data “hostage” and restrict it from being viewed by other organizations (competitors, for instance) should the individual wish for it to be shared
While there are nuances to each of these rights that the larger text of the GDPR dives deep into, reflecting on existing policy with these overarching themes in mind will help give teams a better understanding of the scale and scope of their policy overhauls.
What positions the iboss Distributed Gateway Platform as the perfect solution for network management teams reevaluating how they collect and protect data is that it can be implemented with relative ease and without massive network overhauls. The iboss Distributed Gateway Platform is comprehensive, featuring the latest advanced threat detection and protection capabilities to ensure that data is isolated from outside parties and has minimal exposure to potential threats – checking off most of the fundamental requirements of the GDPR in one fell swoop. Because cloud-delivered gateways can be dropped in to replace legacy appliances, teams in a crunch to reorganize won’t have to expend excessive resources on network rearchitecture, allowing them to focus on the nuanced policy changes that could otherwise slip through the cracks.
To learn more about the Ws of GDPR, download our comprehensive eBook on the topic, “The 5 Ws of GDPR: A Starting Point for Compliance.”
Simon Eappariello is the Senior Vice President, Product & Engineering, EMEIA at iboss.