The European Union’s new General Data Protection Regulation (GDPR) officially takes effect on May 25, 2018. However, Gartner believes that fewer than 50 percent of all organizations will have fully complied with GDPR by that date.
While complying with GDPR has raised challenges for many organizations, it is important for all businesses to take this opportunity to assess security gaps and improve their security posture. In fact, non-compliance could cost companies severely. Thankfully, with the proper tools, resources and features provided by the right security product, you can become GDPR compliant without too much disruption to your business.
At Perimeter 81, we’ve taken the steps necessary to ensure we are completely GDPR compliant. Here’s what we’ve done and how we can help you become GDPR compliant in no time.
GDPR: How Does it Work?
In an attempt to establish a single set of data protection rules across Europe, GDPR aims to give citizens control over their personal data and regulate international business procedures in the EU. However, the regulation also affects businesses outside of the EU that handle EU citizens’ data, meaning they are equally obligated to provide secure data storage and transmission.
“The GDPR is not about where you are. The GDPR is about who you are affecting. If you’re getting data from a European citizen, you are subject to GDPR,” says Siddhartha Rao, the founder of a boutique practice in New York City called Rao Law Group. “If your employees connect to public Wi-Fi and places that are not secure, this is critical. If they have personal data of European citizens on their local devices, or if they’re transmitting data over unsecured Wi-Fi, you have a serious potential security problem. If there is a security issue and data is potentially lost or hacked into, you might face claims for data loss.”
The requirements include 160 different regulations on how you collect, store and use personal information, including anything that identifies an individual, whether directly or indirectly. Here are the key GDPR changes to be aware of:
- Control of Personal Data
GDPR allows individuals in the EU to request a copy of personal data stored in organizations’ databases and grants them the right to be forgotten.
- Security Policies
Organizations must implement security policies that allow them to record data and activities and protect data by establishing written agreements with vendors.
- Data Breach Notifications
Organizations must report data breaches to authorities and, under certain circumstances, to those affected.
- Monitoring and Logging
Additional obligations will fall on organizations engaged in profiling or monitoring behavior of EU individuals.
Consequences of Non-Compliance
One significant impact GDPR will have on organizations is the fines imposed on businesses that do not comply with the new regulation. Penalties for violations of record keeping, security, breach notifications, or privacy obligations can reach ten million euros, or two percent of income – whichever is larger.
These fines can be doubled to twenty million euros or four percent of turnover for violations related to legal justification for processing, lack of consent, data subject rights and cross-border data transfers. This has the potential to be a critical, bankrupting event for many businesses.
That means large enterprises could face penalties of hundreds of millions of euros for a single breach. Management consulting firm Oliver Wyman predicts that the EU could collect as much as $6 billion in fines and penalties in the first year.
Meeting GDPR with an Advanced Cloud VPN
Although the requirements are clear, GDPR does not offer technical direction on how to meet these standards. Instead, organizations are independently responsible for devising a plan to meet data security requirements. Admittedly, this sounds quite data heavy, but each of these benchmarks can be easily met using an advanced cloud management platform.
The Virtual Private Network (VPN) uses pre-shared keys to identify, authenticate and authorize user access. Using a VPN that offers a centralized cloud management platform, an entity can create customized user access to sensitive data – including cloud environments, SaaS services, sandbox and production environments, and more.
Additionally, data passing over any network is secured with advanced encryption. This creates a virtual tunnel so data can’t be intercepted by snoopers, hackers or third parties. By offering network visibility and identifying risks and vulnerabilities to your systems and data, detailed activity reports provide insight into which resources are being accessed, what applications are being used, and how much bandwidth is being consumed.
Accelerate Your GDPR Compliance with Perimeter 81
At Perimeter 81, we are committed to protecting your company’s data and your customers’ data.
In order to ensure complete GDPR compliance, we have:
- Undergone a full third-party audit
- Ensured that our platform meets all data storage requirements
To help you navigate the GDPR and secure your clients’ data, we provide:
- Automatic protection on unsecured public Wi-Fi
- 256-bit AES encrypted network connections, both on-site and remotely via remote access VPN
- Secure, policy-based access management
- Monitoring, logging, auditing and security analytics
- Multi-Factor Authentication (MFA)
- Granular access to cloud environments
- DNS Filtering Solution
Automatic Wi-Fi Security for GDPR Compliance
With GDPR in effect, the way businesses handle Wi-Fi security will change drastically. Thankfully, at Perimeter 81 we have made this one of our key priorities. A recent breakthrough is our Automatic Wi-Fi Security feature, a functionality built into all of our applications that allows users to automatically deploy a VPN connection even if the device is locked and in your pocket.
Once you install Perimeter 81’s client applications, you can rest assured that data passing over any network is secured with 256-bit bank-level encryption. Perimeter 81’s innovative Automatic Wi-Fi Security immediately shields data by automatically activating VPN protection when employees connect to unknown, untrusted networks.
If you have any more questions about GDPR, our Automatic Wi-Fi Security feature, or the steps we at Perimeter 81 have taken to protect your data, please don’t hesitate to contact us.