the winxnet blog

GDPR Regulations and What It Means for Cybersecurity

Posted on 5/25/2018 10:31:45 AM by Dr. Eugene Slobodzian
Category: Security & Compliance



In a previous post, our Security and Compliance Officer Judi Grassi explained the GDPR regulation changes coming at the end of May. As of May 25, 2018, organizations working with data of individuals residing in the European Union (EU) will need to be GDPR compliant. The change might affect how you collect and manage personal information.

Under these new regulations, citizens of the EU will have more control over the security of their personal data, and websites will be required to follow strict compliance directives to ensure this data is protected.

The penalties for non-compliance are serious, so here’s what you should know about how GDPR will shift the landscape of cybersecurity and what your company needs to do to get ready for this change.

  1. Personal Data: Under GDPR, the definition of personal data will expand. Aside from the basics of name, phone number, email address, physical address, driver’s license and bank account information, genetics and biometrics also need to be considered. Before collecting this information, a website must obtain consent from the person and clarify how the information will be used.

  2. Data Collection & Storage: After May 25th, there will be increased pressure on websites to tighten their cybersecurity and even integrate new practices. Websites must obtain permission for personal data through affirmative action and unambiguous language that is visibly stated on their website.

  3. Security Risks: Data leakage can occur at any stage, so it’s important to perform routine checks on all aspects of this framework, including website traffic, social media interaction, email threads and other forms of online engagement. Risk assessments can evaluate how efficiently the network is able to mitigate attacks. Any breaches that occur need to be reported within 72 hours of the security violation.

If you do not feel as though your organization is equipped to handle the new GDPR regulations from a security standpoint, then it’s time for a conversation with our security experts.