Accountability is not a new concept in data protection. The existing EU Data Protection Directive incorporates principles of transparency and fairness, and requires organizations to be responsible and accountable for their processing of personal data.
Data plays a huge role in every aspect of our daily lives—from the way we work, to how we travel and communicate with family and friends. People are increasingly looking for clarity and transparency about how their personal data is used and protected by the organizations they interact with.
The GDPR makes a number of important changes to the existing data protection framework. One of the most important is its expanded territorial scope. Under the GDPR, the location of the individual whose data is being processed is a key factor, whereas the existing EU Data Protection Directive is more concerned with the location of the processing.
When it comes to the General Data Protection Regulation (GDPR) and its implications for data security, there is a lot to consider. Significant emphasis has been placed on the penalties for non-compliance and the new rules companies must follow in the event of a data breach. While this is understandable, at its heart the GDPR is about understanding your data and designing your approach to security around it. In this sense, the GDPR presents an opportunity for forward-thinking chief security officers and their teams.
Organizations established in the EU and processing personal data of EU-based individuals will, in almost all cases, be required to comply with the General Data Protection Regulation (GDPR) by May 25, 2018. In addition, the GDPR will now apply to organizations based outside the EU that offer goods and services to, or monitor the behavior of, EU-based individuals. If your organization falls into these categories, one of the essential first steps in your journey to compliance is understanding your data.