GDPR

General Data Protection Regulation - GDPR

What is GDPR?
GDPR became enforceable on 25 May 2018, replacing the 1998 Data Protection Act in the UK. Although it is an EU regulation, the UK government has confirmed that the decision to leave the EU will not affect its application before or after the UK leaves the EU.

The GDPR significantly expands the accountability of data controllers and processors. Importantly, it is not enough to follow the principles of the GDPR: under the accountability principle (Article 5(2)) business leaders must be able to demonstrate that they are doing so.

All organisations will need to know where personal data sits on their networks and systems, and be able to examine, analyse and report on how it is accessed, in order to meet GDPR requirements. Article 39 (the tasks of the Data Protection Officer) and Article 47 (binding corporate rules) both call for raising the security awareness of staff involved in processing, so in practice compliance means training staff.

What are the consequences for businesses and organisations?

GDPR legislation consists of a complex suite of requirements. Companies will be required by law to report personal data breaches to a supervisory authority and, where the breach is likely to result in a high risk to them, to the individuals concerned. Failing to comply could mean fines of up to 20 million Euro or 4 percent of global annual turnover, whichever is higher.


GDPR Key Points of Reference

Compliance
When preparing for compliance, organisations must interpret the audit requirements and controls, and then face the large task of managing and analysing very high volumes of data, knowing that the consequences of non-compliance can be significant. Matraxis has partnered with leading cyber security solution providers to address these issues with a practical and cost-effective solution.

Consent:

Consent must be freely given, specific, informed and unambiguous, and must relate to the data collected and the purposes it is used for; a pre-ticked box or silence does not count. Consent may be withdrawn at any time, and withdrawing it must be as easy as giving it. Organisations must be able to demonstrate that consent was given, and for special categories of data (such as health, racial or ethnic origin, or political opinions) the consent must be explicit.

Data Protection Officer (DPO):
Under the regulation all public authorities (other than courts acting in their judicial capacity) must appoint a DPO. Private organisations must also appoint one if their core activities involve regular and systematic monitoring of individuals on a large scale, or large-scale processing of special categories of data. The role may be filled internally or contracted out. Where a DPO is not required, organisations must still be able to document that they are in control of the security of the personal data they hold.

Data Breaches:
The data controller will be obliged to notify the relevant supervisory authority without "undue delay" and, where feasible, within 72 hours of becoming aware of a personal data breach; if notification is later than that, the delay must be explained. Where the breach is likely to result in a high risk to the individuals affected, those individuals must also be notified without undue delay. A processor that detects a breach must inform its controller without undue delay.

The Right to Erasure:
Individuals have the right to request the erasure of their personal data on a number of grounds, for example where the data is no longer needed for the purpose it was collected for, or where the individual withdraws the consent on which the processing was based.

Data Portability:
The GDPR gives individuals the right to receive the personal data they have provided to a controller, and to have it transmitted to another controller where technically feasible. The data must be provided in a structured, commonly used and machine-readable format. This is intended to protect individuals from having their data held on closed platforms where they are subject to lock-in.

How can Matraxis help make your organisation achieve GDPR compliance?

We can advise on the advantages and adoption of a comprehensive security information and event management (SIEM) solution, as we believe this will significantly support organisations in complying with the new legislation.

A professionally implemented SIEM will ensure that the logs needed to demonstrate compliance exist in the first place. With a SIEM you can monitor access to the systems where personal data is stored, monitor the security state of those systems, and receive alerts when they are accessed in ways that fall outside normal patterns. A thoroughly implemented SIEM also ensures that logs are retained and protected against tampering, while the processes around the SIEM ensure that alerts, incidents and reports are handled in time to meet the 72-hour notification window. Note that the logs themselves contain personal data (user names, IP addresses), so the same rules on retention, access control and purpose apply to the SIEM as to the systems it watches.
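The two things the paragraph above asks of a SIEM, flagging unusual access to systems that hold personal data and keeping the logs tamper-evident, can be shown in a few dozen lines. The following is an added example written for this page and is not Matraxis's code or any SIEM product's logic. Everything in it is an assumption: the sshd-like line format, the inventory of personal-data hosts with their allow-listed accounts, the business-hours window, and the five constructed log lines.

```python
"""Minimal access monitoring over constructed login records (added example).

Hypothetical throughout: line format, host inventory, allow-lists, sample log.
"""
import hashlib
import re
from datetime import datetime, timezone

# Hypothetical inventory: hosts that hold personal data, each mapped to the
# only accounts that are expected to log in to them.
PII_HOSTS = {
    "hr-db01": {"svc_hr", "alice"},
    "crm-app02": {"svc_crm", "bob"},
}
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59 UTC; anything else counts as off-hours

# Hypothetical line format, loosely modelled on sshd syslog output:
#   <ISO-8601 UTC timestamp> <host> sshd: Accepted <method> for <user> from <ip>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) sshd: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+)$"
)

# Constructed sample log (not real data). The last line is a failed login
# and deliberately does not match the format this rule handles.
SAMPLE_LOG = [
    "2024-03-04T09:12:01Z hr-db01 sshd: Accepted publickey for alice from 10.0.5.20",
    "2024-03-04T09:15:44Z web-front01 sshd: Accepted publickey for carol from 10.0.7.3",
    "2024-03-04T23:41:09Z hr-db01 sshd: Accepted password for mallory from 203.0.113.9",
    "2024-03-04T02:05:30Z crm-app02 sshd: Accepted publickey for bob from 10.0.5.21",
    "2024-03-04T10:00:00Z crm-app02 sshd: Failed password for root from 198.51.100.7",
]


def parse_line(line):
    """Return the fields of a successful-login line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def assess(ev):
    """List the reasons a login to a personal-data host should raise an alert."""
    allowed = PII_HOSTS.get(ev["host"])
    if allowed is None:
        return []  # host holds no personal data: out of scope for this rule
    reasons = []
    if ev["user"] not in allowed:
        reasons.append("account not on the host's allow-list")
    if ev["ts"].hour not in BUSINESS_HOURS:
        reasons.append("login outside business hours")
    if ev["method"] == "password":
        reasons.append("password authentication on a host assumed to be key-only")
    return reasons


def scan(lines):
    """Run every line through the rule; return (alerts, number of unparsed lines)."""
    alerts, unparsed = [], 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1  # unparsed lines are counted, never silently dropped
            continue
        reasons = assess(ev)
        if reasons:
            alerts.append({"host": ev["host"], "user": ev["user"], "ip": ev["ip"],
                           "ts": ev["ts"].isoformat(), "reasons": reasons})
    return alerts, unparsed


def chain_digest(lines, seed=b"\x00" * 32):
    """Hash-chain the records: each digest covers the previous digest plus the
    record, so editing, removing or reordering any line changes the result.
    Store the final digest somewhere the log writer cannot reach."""
    prev = seed
    for line in lines:
        prev = hashlib.sha256(prev + line.encode("utf-8")).digest()
    return prev.hex()


def verify_chain(lines, expected_hex):
    """True if the stored log still matches the digest taken when it was written."""
    return chain_digest(lines) == expected_hex


if __name__ == "__main__":
    alerts, skipped = scan(SAMPLE_LOG)
    for a in alerts:
        print(f"ALERT {a['ts']} {a['user']}@{a['host']} from {a['ip']}: {'; '.join(a['reasons'])}")
    print(f"{skipped} line(s) did not match the expected format")
    digest = chain_digest(SAMPLE_LOG)
    tampered = SAMPLE_LOG[:2] + SAMPLE_LOG[3:]  # the mallory login removed
    print("original log intact:", verify_chain(SAMPLE_LOG, digest))
    print("tampered copy intact:", verify_chain(tampered, digest))
```

Run as-is it raises two alerts (mallory on hr-db01 for three reasons, bob on crm-app02 for logging in at 02:05), reports one unparsed line, and shows that deleting the mallory record breaks the hash chain. A real deployment would replace the inline inventory with the asset register the compliance work produces, and would forward the chain digests to a store the log-producing hosts cannot write to.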