As Cybersecurity Awareness Month begins, nFront Security and Elroi have partnered this month to show the importance of protecting your sensitive data. Throughout the month, we will be sharing tips on how to #BeCyberSmart. Elroi specializes in helping enterprises understand and follow the requirements of GDPR. First, what is GDPR, and am I affected by it? GDPR is the General Data Protection Regulation, adopted by the European Union (EU) in April 2016 and applicable since 25 May 2018. GDPR applies to any organization that offers goods and/or services to individuals in the EU (not only EU citizens), or that monitors their behaviour, regardless of whether the organization has a physical location in the EU. Here are a few examples of companies and organizations that are affected:
- You have a boutique clothing company based in New York City that also sells through its website. Residents of the EU have purchased items from your website.
- You run an online Search Engine Optimization consultancy from your home in Orlando, Florida. At least one client you have helped resides in the EU.
- You have a manufacturing company with offices throughout the world, one of which is located in the EU.
- You have a company or organization that provides goods and/or services to residents of the EU, and your only location is in the EU.
- You have a photography website where members create a personal profile with a username and password in order to share photographs with others. At least one member of this free website is a resident of the EU.
The ultimate goal of GDPR is to keep the personal information of people in the EU protected. Let's clarify what constitutes personal data. Personal data is any information that can identify a person in the EU, directly or indirectly: a name, an email address, a physical address, medical information, banking details, photographs, an IP address, and any other piece of information that can be tied to that person.
Power has shifted toward individuals in the EU, who can now lodge complaints with a supervisory authority and bring claims against a company that mishandles their personal data. A company must notify its supervisory authority within 72 hours of becoming aware of a breach, and must inform the affected individuals without undue delay when the breach is likely to put them at high risk. Fines for non-compliance can reach €20 Million or 4% of global annual turnover, whichever is greater. This is the most significant change in EU data privacy regulation in over 20 years. Compliance is not optional; it is a requirement. The EU hopes that the rest of the world will follow its lead.
Elroi’s mission is to recreate the data ecosystem together. Consumers and organizations should know their options for protecting their data online. Elroi helps companies achieve CCPA and GDPR compliance. If you are a consumer who wishes to learn more about online privacy, visit their site here.
At nFront Security, we applaud the new regulation that the EU has passed. It is a wise choice for the EU to require all companies to protect its residents' personal information to the highest standards. By being GDPR compliant, your customers can have trust and confidence that your company is protecting their personal data. In a digital economy, this is very important. The GDPR text covers many topics, including breach notification, consent, data portability, and privacy by design. However, the theme running through all of the requirements is protection from data breaches. Most companies know that the threat of a data breach is very real today. Without the right security measures in place, the question isn't if they will be hacked, but when.
One final note: we encourage companies to reevaluate their password policies. A strong password policy is your first line of defense for your company's most treasured asset: your customers. Many companies are Windows-based, and the default Windows password settings will not keep your company secure. The built-in complexity rule accepts Password1, because it contains an uppercase letter, lowercase letters and a digit, which satisfies three of the required character categories. A data breach could expose your company to GDPR fines of up to €20 Million or 4% of global annual turnover. Do your company a favor and implement a Windows Password Filter to ensure that no weak password can be used on your company's network. For more information, please click here.
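To make the point concrete, here is an added illustration (not code from the original post, and not nFront Security's product, which is a native Windows password filter DLL) of why the built-in Windows complexity rule accepts Password1 and what an additional filter adds on top of it. It approximates the documented "Password must meet complexity requirements" rule with the Default Domain Policy minimum length of 7, then layers a longer minimum and a blocklist check that normalizes leetspeak and trailing digits before comparing. The blocklist and the sample passwords are constructed for the example; a real filter ships a dictionary of millions of breached and common passwords.

```python
"""Windows default complexity rule vs. a filter with a normalized blocklist.
Added example; approximation of the documented Windows rule, not Microsoft's
implementation, and not nFront Security's product code."""
import re

# Constructed for the example. A real password filter uses a large breached-
# password dictionary, not a handful of words.
COMMON_BASE_WORDS = {
    "password", "welcome", "summer", "winter", "spring", "autumn",
    "qwerty", "letmein", "admin",
}

# Substitutions users make to satisfy "complexity" without changing the word.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i", "0": "o",
    "$": "s", "5": "s", "7": "t",
})


def meets_windows_complexity(password: str, account_name: str,
                             full_name: str = "", min_length: int = 7) -> bool:
    """Approximates the Windows 'Password must meet complexity requirements'
    policy plus the Default Domain Policy minimum length (assumed 7):
      - must not contain the account name, or any token of the full name that
        is three or more characters long (case-insensitive)
      - must be at least min_length characters
      - must use characters from 3 of the 4 ASCII categories below (Windows'
        fifth category, non-Latin alphabetic characters, is folded into the
        letter categories here)
    """
    lower = password.lower()
    if account_name and account_name.lower() in lower:
        return False
    for token in re.split(r"[ ,.\-_#\t]+", full_name.lower()):
        if len(token) >= 3 and token in lower:
            return False
    if len(password) < min_length:
        return False
    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(categories) >= 3


def normalize(password: str) -> str:
    """Strip leading/trailing digits and symbols, lower-case, undo leetspeak.
    'Password1', 'P@ssw0rd!' and 'Summer2023!' reduce to their base words."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return core.lower().translate(LEET_MAP)


def passes_hardened_filter(password: str, account_name: str,
                           full_name: str = "", min_length: int = 12) -> bool:
    """What a filter adds: a longer minimum length and a blocklist check on the
    normalized base word, so 'Password1234!' is rejected even though it meets
    every built-in complexity category."""
    if not meets_windows_complexity(password, account_name, full_name, min_length):
        return False
    base = normalize(password)
    return not any(word in base for word in COMMON_BASE_WORDS)


def evaluate(password: str, account_name: str, full_name: str = "") -> dict:
    """Both verdicts side by side, for a quick comparison."""
    return {
        "password": password,
        "windows_default": meets_windows_complexity(password, account_name, full_name),
        "hardened_filter": passes_hardened_filter(password, account_name, full_name),
    }


if __name__ == "__main__":
    # Constructed sample account: jsmith / John Smith.
    for candidate in ("Password1", "Password1234!", "Welcome2024!",
                      "jsmith2024!!", "correct-horse-Battery9"):
        print(evaluate(candidate, "jsmith", "John Smith"))
```

Running the block shows Password1, Password1234! and Welcome2024! all passing the default complexity rule while only correct-horse-Battery9 survives the added filter; jsmith2024!! fails both because it contains the account name. The design choice worth copying is normalizing before the blocklist lookup: without it, a filter that only blocks the literal string "password" is bypassed by the first user who types P@ssw0rd!.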