GDPR: New European regulation in the field of personal data protection

In accordance with the European Commission's data protection regulation (GDPR), which will come into force on May 25, 2018, any organization – regardless of its own location – which contains personal data of the European Union citizens will be responsible for its safety.

Failure to comply could potentially cost companies four percent of annual turnover or 20 million euros.

The Regulation refers to organizations that collect or process personal data of EU residents, regardless of whether these companies are located in the European Union or not. In other words, anybody who interacts with a European citizen on a business level is going to be subject to GDPR in one way or another.

The subject of care is personal data. According to the European Commission personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address. 

As it happens, many companies collect a huge amount of data about users and do not care too much about its safety. Years of improper use have shown how little effort organizations have made to understand where data is stored, used and what type of data exists. This has sometimes been due to competitive purposes, sometimes malicious and sometimes because of an indeterminate desire to have it just in case. Exactly this situation urged European Union to introduce GDPR.

For today the key threats to comply are:

• Lack of knowledge about where personal data is stored;
• Inability to identify "toxic" data, old data and useless data;
• Lack of opportunity to respond timely for data requests.

All the above-mentioned makes many organizations take the provisions of the GDPR seriously and introduce technologies aimed to its comply.

And this could be a huge opportunity for business. Many organizations are looking for help how to control personal data properly.

To start, organizations affected by future changes are to take simple steps with data:

• Collect - determine what personal data you really need and collect only it;
• Use - simplify the marketing use of data;
• Keep - delete data you don’t need.

Then it is necessary to determine an appropriate IT solution and its supplier, that will help you put in place that high control, policy-driven protection system you need without having to become a security expert.

The GDPR is primarily aimed to protect the notorious privacy. This means one more reason to ensure the information security of infrastructure of organizations. And in this case DLP-systems have proved themselves very well. They could help bring your business in line with the legislation introduced and avoid heavy fines.