EU companies taking steps to control access to personal data for GDPR compliance
When the General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, European organizations will be required to demonstrate control over who can access personally identifiable data that is collected or stored from any individual in the European Union (EU), according to a report by IT Portal.
The new regulation, which has been in the works for the past four years, aims to harmonize data privacy legislation across the EU and ultimately protect individuals using technology.
According to the report, GDPR gives businesses the opportunity to differentiate themselves by “achieving, creating and marketing GDPR data protection certification marks and seals.”
Once the regulation is in effect, companies will be required to answer several difficult data accountability questions: Why are we holding personal data? How did we get it? Why was it gathered originally? How long has it been held? How secure is the data in terms of accessibility and encryption? Do we share this data with third parties?
Successfully answering these questions, particularly the last two, requires having a comprehensive strategy to limit access to personal data. Organizations also need to have a clear audit trail of when the data was accessed and by whom.
To comply with the GDPR’s accountability principle, organizations will be required to demonstrate and document detailed compliance with data protection principles whilst conducting business – regardless of the location from which their users are working and the devices they are using at the time.
Many companies are also undertaking Privacy Impact Assessments, which are considered a key protocol under the upcoming regulation, to assess the effectiveness of their access management and authentication solutions.
Undergoing Privacy Impact Assessments will help determine if an organization has weak access credentials or authentication processes, which are undoubtedly red flags for GDPR compliance officers.
Proving and controlling which individual is accessing personal information, as well as where and why they are accessing it, will be important.
Organizations can curb this risk using easy-to-manage, flexible multi-factor authentication solutions, which can be applied to any personal data from any location.
As previously reported, Syniverse and Pinn recently partnered to combine Syniverse’s global platform with Pinn’s attribution solution to deliver a stronger level of transaction security and continuous attribution, as required by impending regulation like the General Data Protection Regulation (GDPR).