GDPR (General Data Protection Regulation): what it is
GDPR is a European Regulation that, starting from 25 May 2018, will govern data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
To whom it is addressed
GDPR is addressed to all companies and entities that collect European citizens’ personal data.
What if my company is based outside the EU?
It is also addressed to societies, companies, firms and bodies of non-EU countries that deal with EU citizens’ data privacy.
Do I have to deal with it even if my servers are located outside the EU?
Yes.
What do we mean by “Personal Data”?
According to the European Commission, “personal data is meant as any information of an individual, related to his life either private, professional or public. It can be about everything: names, pictures, email addresses, bank details, website and social network’s activities, medical information or IP PC addresses”.
An overview of the main changes under GDPR and how they differ from the previous directive
- The conditions for consent have been strengthened: consent must be clear and distinguishable and given in an easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
- Wider Data Subject Rights, including:
  - Right to access data free of charge
  - Right to be Forgotten (also known as Data Erasure): the right to be forgotten entitles the data subject to have the data controller erase his/her personal data and cease further dissemination of the data
  - Right to edit data from the user side
- Breach Notification will become mandatory and the owner of the data must be informed within 72 hours of first having become aware of the breach.
- Data cannot be transferred outside of the EU Economic Territory without explicit consent, unless specific conditions apply.
- Data Protection Officers. Each Public Entity, as well as Companies managing large databases, must have a DPO (Data Protection Officer) responsible for data protection. It can be an internal or external figure.
- Organizations in breach of GDPR can be fined up to €20 million, or 4% of annual global revenue.
- Analysis of specific risks. Throughout the GDPR, organizations that control the processing of personal data are encouraged to implement protective measures corresponding to the level of risk of their data processing activities. Although the GDPR is silent on how organizations should assess and quantify risk, certain trends emerge from the sections where risk does appear that will guide organizations in implementing a risk-based approach.
- Proportionality of obligations, which are now more modulated to adapt to the size of the owner and to the dangerousness of the treatment.
How can we help you? From A to Z.
The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world: this clearly requires adopting the best available technologies to defend and secure one's own network.
It is therefore necessary to adopt solutions that protect data from the beginning of the transmission, make network administrators aware of potential risks and react promptly to threats. The Endian feature suite is a complete solution including all the tools you need to prevent, protect and control.
Encrypted tunnel (VPN) to keep your sensitive data transmission safe
Endian includes in all its products advanced systems for encrypting data in transmission, with different layers of simplified management that allow you to organize users and objects in an easy way, minimizing the risk of human error. In order to have constant control of what happens in your network, as requested by GDPR, the first rule is to know who has access to different resources and to be able to identify when they accessed them. Thanks to Endian Connect Platform, you can authorize and remove permissions in a granular but simple way, even in networks spread worldwide.
Real Time Network visualization
Do you know what is happening in your network right now? Are you aware of which applications your users are running? If not, your Company's productivity could be at risk and you would not be respecting the new GDPR rules. Our solution allows you to have real-time control of your network traffic, on an intuitive dashboard, and to store your data. The package also features extensive reporting on web, email, security and much more, which can be configured according to selected parameters.
Controlling and real-time reaction (IPS, Web and Mail Security)
Thanks to our Advanced Content Security Package, now included in all Endian products as a default feature, you can protect your co-workers from web and mail threats such as viruses, malware, phishing and spam, by exploiting cloud zero-day power with high-performance engines. Intrusion Prevention System, deep-packet inspection and content altering, with more than 200 categories constantly updated. The best technologies available on the market for active protection.
Wi-Fi and Bring Your Own Device (BYOD)
Protection and monitoring also have to be extended to your guests and external co-operators, to respect the GDPR. Let your visitors and guests surf the web without compromising your network security: Endian UTM solutions provide guest-access management and allow you to create rules and apply filters for them, on a dedicated and separated physical network.