Dispelling Three Myths About GDPR
Busting Three GDPR Myths
We’ve all heard the hype, read the articles, received the emails, sat on the webinars, right? But there are still several misunderstandings and miscommunications out there surrounding the EU General Data Privacy Regulations (GDPR), which will come into effect on 25 May 2018, whether you are ready for them or not. So, let’s bust those myths once and for all.
#1. GDPR – it’s just an EU thing, isn’t it?
Wrong! GDPR applies to your business if your customers are located in the EU. It doesn’t matter where your company is headquartered. It is all about them, not you. The point is, if you collect and store any data that relates to any customer that is EU-based, GDPR applies to you. And just because the UK voted for Brexit doesn’t mean the UK is exempt. Far from it. The UK will still be a part of the EU when the legislation is enacted and will also be subject to the regulations. Nice try!
#2. Isn’t GDPR all about marketing stuff?
Wrong! Although a large part of the GDPR legislation pertains to how you collect and use information, there is also a part of the GDPR regulations that describes what you must do if you have a data breach. If you can’t find the answers to “who”, “what”, “where” and “when” within 72 hours of becoming aware you’ve had a security problem, and don’t notify the relevant authorities, you will be in big trouble (how does a fine of up to 4% of your global annual turnover sound? Ouch!).
#3. GDPR doesn’t apply to my existing data
Wrong again! All existing processes will need to be re-evaluated and the new regulations applied. Sorry! You can’t consign the data you already have to a deep, dark corner of your network and pretend it doesn’t exist. You will have to be able to protect it and show that your processes for understanding what happened during a data breach comply with GDPR across all new and existing data.
So, it is not all about EU-based companies, marketing stuff, or just new data after all. It encompasses storing personal data you collect or have already collected, keeping it safe from nefarious crooks, and holding your hands up when your network is breached.
How do I become GDPR compliant?
When GDPR comes into play in Europe in May 2018, organisations will have just 72 hours to report detected breaches to the relevant authorities. Failure to do so could result in a significant fine of up to €20 million or 4% of your global turnover. However, working out which records have been compromised in such a short time frame is going to prove almost impossible without the right tools.
Tools such as the Viavi network performance management solution serve as a CCTV for the network and record all traffic without dropping, slicing, or manipulating the wire data in any way. Even in high-speed, heavy-transaction environments like trading companies, Observer GigaStor captures all the packets for investigations, replay, and reconstructing the breach.
If you would like to discuss how Viavi Solutions can help you get the answers to the 4W’s fast, should the unthinkable happen, get in contact now.