https://www.csoonline.com/article/3202771/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
By Michael Nadeau
Senior Editor
CSO
May 29, 2019
Companies that collect data on citizens in European Union (EU) countries
need to comply with strict new rules around protecting customer data. The
General Data Protection Regulation (GDPR) sets a new standard for consumer
rights regarding their data, but companies will be challenged as they put
systems and processes in place to maintain compliance.
Compliance will cause some concerns and new expectations of security
teams. For example, the GDPR takes a wide view of what constitutes
personal identification information. Companies will need the same level of
protection for things like an individual’s IP address or cookie data as
they do for name, address and Social Security number.
The GDPR leaves much to interpretation. It says that companies must
provide a “reasonable” level of protection for personal data, for example,
but does not define what constitutes “reasonable.” This gives the GDPR
governing body a lot of leeway when it comes to assessing fines for data
breaches and non-compliance.
Time is running out to meet the deadline, so CSO has compiled what any
business needs to know about the GDPR, along with advice for meeting its
requirements. Many of the requirements do not relate directly to
information security, but the processes and system changes needed to
comply could affect existing security systems and protocols.
[...]