{"id":3016,"date":"2018-04-04T21:07:41","date_gmt":"2018-04-04T21:07:41","guid":{"rendered":"https:\/\/tsisupport.com\/?p=3016"},"modified":"2021-07-07T05:16:28","modified_gmt":"2021-07-07T09:16:28","slug":"need-know-gdpr-compliance","status":"publish","type":"post","link":"https:\/\/tsisupport.com\/tsistaging\/?p=3016","title":{"rendered":"IT Compliance: What You Need to Know about GDPR Compliance"},"content":{"rendered":"

The General Data Protection Regulation (GDPR)<\/a> is a regulation requiring businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. Every company conducting business within the EU will need to comply to these strict new rules by May 25th <\/sup>which will likely cause concerns and heightened expectations for security teams due to the broad, yet stringent nature of the GDPR requirements.\u00a0 For example, one such change will require companies to provide the same level of IT safeguards for things like an individual\u2019s IP address or cookie data as they would for name, address, and Social Security number.\u00a0Similar to HIPAA<\/a> & PCI Compliance<\/a>, GDPR seemingly allows room for some interpretation.\u00a0 It states companies must provide a reasonable<\/em> level of protection for personal data; yet does not define what constitutes as reasonable<\/em>. This vague terminology allots significant authority to the GDPR governing body to interpret each violation on a case by case basis when assessing fines for data breaches or instances of non-compliance.\u00a0 To help clarify and navigate through these extensive requirements, we\u2019ve compiled a brief overview of what a company conducting business within the EU needs to know about GDPR\u2026<\/p>\n

What is the GDPR?<\/strong><\/span><\/p>\n

The European Parliament adopted GDPR<\/a> in April 2016, replacing the outdated Data Protection Directive of 1995<\/a>.\u00a0 Within it, there are new provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states as well as the exportation of personal data outside the EU.\u00a0 The requirements include all 28 EU member states, meaning companies have one universal standard to meet within the EU, albeit a very high standard that will require a significant investment to meet and implement.<\/p>\n

Why does the GDPR even exist?<\/strong><\/span><\/p>\n

The most rudimentary answer to that question is that public concern over privacy drove parliament to act. Europe has had a long history of stringent rules concerning how companies use the personal data of its citizens, and the new GDPR requirements address the changes in today\u2019s increasingly volatile technological landscape that are not addressed in the original Data Protection Directive<\/a> of 1995.<\/p>\n

There is also a very real concern over privacy as more and more high-profile data breaches occur. The GDRP functions to dually address consumer privacy concerns as well as bring security awareness to the forefront of organizations IT best practices. According to the 2017 Cost of Data Breach Study conducted by Ponemon Institute & IBM<\/a>, consumers cited data breaches as a top concern, demonstrating a clear correlation in consumer loyalty and data protection. Lost information such as passwords and personal identifiable information resulted in an average loss of 3.24% in consumer retention, with countries like Italy, and France exhibiting the highest churn rates. This is exacerbated in industries that are more susceptible to losing customers following a data breach, such as the Financial and Health sectors, which exceeded a 5% churn rate.<\/p>\n

Perhaps the most alarming takeaway from the study is that the steep fines and penalties are not the only risk associated to non-compliance, a company\u2019s reputation and brand image are at irreparable danger following the loss of personal information.<\/p>\n

What data does the GDPR protect?<\/strong><\/span><\/p>\n