GDPR-in-a-Box: New Online Tool Helps Small and Medium-Sized Enterprises

The European Commission has published a new GDPR online tool to facilitate the application of its new data protection rules.

The General Data Protection Regulation (GDPR) takes effect on May 25th, 2018. The same rules apply to all companies offering services in the European Union or handling the protected data of EU citizens or residents.

This includes U.S. companies, even if they don't have subsidiaries in the EU. The new online tool was developed to assist small and medium-sized enterprises.

Guidance for practical application of GDPR

Knowledge of the new rules is not evenly spread. By some estimates, more than 80 percent of the U.S. companies that will be affected (and may face stiff penalties if found non-compliant) have not yet adjusted their IT and data protection to the new GDPR reality.

The new website aims to help individuals, businesses (in particular SMEs) and other organizations comply with and benefit from the new data protection rules.

It includes GDPR basics - such as personal data and data processing covered by GDPR, data protection authorities and enforcement - and detailed explanations for businesses and organizations.

Getting a grip on GDPR before it bites

The website clarifies how and where GDPR applies to businesses, explains the distinction between data controllers and processors, and describes how companies are expected to handle requests from EU data subjects who want to access or amend their personal data stored by the company.

GDPR strengthens the right of EU citizens to information, access and the "right to be forgotten." A new right to data portability allows citizens to move their data from one company to the other.

Another goal of the regulation is stronger protection against data breaches. A company experiencing a data breach that puts individuals at risk has to notify the data protection authority within 72 hours.

EU GDPR Infographic

Source: IT Governance

GDPR has teeth; the deterrent fines can be steep. All data protection authorities will have the power to impose penalties of up to EUR 20 million or 4% of a company's worldwide annual turnover.

How a secure remote browser helps with GDPR readiness

The EU-wide data protection rules could severely impact any U.S. company storing and processing data of EU citizens. This is not a new development.

The regulation itself was adopted with a "soft launch" back in 2016, with its "hard launch" scheduled for May 25th, 2018 to give companies time to adjust and prepare.

Authentic8 has followed this process closely because leveraging remote browser isolation with Silo plays a role in how our customers can prepare for GDPR:

  • Data Protection: When employees access the web with Silo, the secure remote browser, it protects the enterprise against all web-borne exploits and threats, without exceptions. This minimizes the risk of breaches that put the data of customers, contacts or employees in the EU at risk. Such data breaches could result in significant fines.

  • Employer Compliance: Companies that log the web activity of their EU employees or contractors will be subjected to extra GDPR scrutiny. Silo enables organizations to centrally access and manage all related data covered by GDPR, which makes it easy to respond to requests and stay compliant.

  • Audit-friendly: Silo is used by many leading organizations in highly regulated fields. Authentic8 customers include numerous ALM 50 law firms with a global presence, large financial services providers, and healthcare organizations. This secure remote browser-as-a-service provides a compliant and secure framework for the related workflow in all instances where accessing or processing data covered by GDPR requires the use of a browser.

The Financial Executives International blog recently pointed out that one of the biggest challenges companies will face in complying with GDPR lies in accessing and managing disparate GDPR-relevant data repositories across the enterprise.

As a secure remote browser, Silo doesn't just provide maximum protection when accessing the web. It also enables organizations to master the GDPR challenge wherever the storing and processing of EU customer or employee data requires the use of a browser.

To achieve and prove GDPR compliance and to be ready when such data are requested by customers and current or former employees in the EU, centralized information governance will be key.

A properly designed secure remote browser like Silo enables admins to centrally manage policies and handle credential and access management. Silo allows for a unified view of GDPR-relevant web activities, which will make responding to related data requests and conducting compliance reviews routine tasks that are easy to deal with.

*

Resources: EU GDPR Online Tool for SMEs

Guest Contributor - Authentic8 welcomes suggestions and submissions from guest contributors. Blog posts should be relevant, non-promotional and add valuable and actionable insights for improving IT security on the web.
