fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Data Protection Authority GDPR: Everything You Need To Know

Data Protection Authority GDPR
First things first. GDPR stands for General Data Protection Regulation. It is a European Union law and replaces the data protection authority GDPR which was not.

Data Protection Authority GDPR: Everything You Need To Know

What does GDPR stand for?

First things first. GDPR stands for General Data Protection Regulation. It is a European Union law and replaces the data protection authority GDPR which was not.

What does the data protection authority GDPR stand for, philosophically?

At its core, the data protection authority GDPR is meant to fundamentally reshape how personal data are collected and processed by giving all individuals living in the European Union (or the greater European Economic Area) new rights to access and control their data on the Internet. There are many new rights, but several of the most common include:

  • Legal basis for processing — Your organization must justify data processing based on one of seven legal bases described in Article 6, such as a user’s unambiguous and explicit consent.
  • The right to be erasure — Also known as “the right to be forgotten,” your organization must respect your users’ request to delete their data, under certain circumstances.
  • The right to access — Your organization must supply your users with a copy of all the data you have collected from them.
  • The right to rectification — Your organization must correct any data that a user feels are inaccurate or complete data that a user feels is incomplete.
  • The right to data portability — Your organization must transfer the data you have from a user to another organization or the user, under certain circumstances.

Does the GDPR only apply to tech companies?

Short answer: no. According to Article 3 of the GDPR, any “controller” or “processor” that provides any good or service to an individual that lives in the EU (or the EEA) is subject to the data protection authority GDPR.

According to Article 4, a controller is a “person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data,” while a processor is a “natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”

There is a lot to parse in those two phrases, but essentially a controller is any person, agency, organization, or business that collects, analyzes, share, or otherwise uses data. Are you a hotel that asks clients for personal information when they check in? If you have European clients, you are subject to the data protection authority GDPR.

What are ‘personal data’?

Knowing whether the information you process qualifies as personal data is crucial to determining whether the data protection authority GDPR applies to your organization. While a complete answer would run several pages, basically any subjective or objective information that could be used, or used in combination with publicly available information, to identify a living human being counts as personal data.

What effect has the data protection authority GDPR had so far?

The GDPR requires controllers to report data breaches to the relevant supervisory authority, generally that country’s Data Protection Office, within 72 hours. This new requirement has shined a light into how often personal data is exposed. One survey showed that nearly 60,000 data breaches were reported in the first eight months after the GDPR went into effect.

It has also led to significant investment in hiring and training privacy personnel and purchasing privacy technology. Nearly 80 percent of the companies responding to the EY-IAPP survey said privacy training was their priority for GDPR compliance this year. In the same survey, a quarter of companies said they had changed their data processor due to the GDPR, and fewer than half expect to keep their current processor. The GDPR has created a massive new marketplace for secure-by-design technology and services.

Finally, the GDPR has led to a groundswell in awareness about how personal data are handled and how many organizations process personal data every day. Data protection authority GDPR were signed in California and Brazil that openly cite the GDPR as an inspiration. Other countries around the world have also begun debating their own data protection authority GDPR as well.

Also read: Completed DPIA Example: 7 Simple Helpful Steps To Create

The data protection authority GDPR is meant to fundamentally reshape how personal data are collected and processed.

How many fines have been assessed under the GDPR?

According to one study, only 91 fines have been assessed under the GDPR — although one was the record-setting €50 million fine against Google. Given that there were almost 60,000 reported data breaches, this is almost certainly an underrepresentation. And 2019 should see a dramatic acceleration of GDPR enforcement. This year, data protection authority GDPR agencies were busy staffing up, answering compliance questions, and interpreting the GDPR for themselves, same as companies.

This year, data protection authority GDPR agencies will be more able to pursue investigations. Furthermore, privacy advocates, like the nonprofit None of Your Business and the French Association La Quadrature du Net have already filed dozens of GDPR complaints against major corporations, like Google, Facebook, Instagram, and WhatsApp. As these complaints work their way through the system, it is likely we will see more major fines against some of the world’s largest corporations. As Raegan MacDonald, the Head of EU Public Policy at Mozilla told The Next Web, “I suspect that if 2018 is the year of implementation, 2019 will be the year of enforcement.”

the GDPR has led to a groundswell in awareness about how personal data are handled and how many organizations process personal data every day.

Is the GDPR impossible to comply with?

We end where we began. The GDPR is undoubtedly a complicated document, but encouragingly, it seems less complex now to the privacy professionals tasked with implementing it than it did last year. Respondents to the EY-IAPP survey have given progressively lower difficulty scores for nearly every GDPR compliance responsibility each year since the survey began in 2017.

The majority of businesses and consumers actually appreciate what the GDPR stands for: keeping data safe and giving individuals greater control. It seems likely that its principles will spread globally. While there has been a lag in enforcement over the past year, companies put off GDPR compliance at their own peril. With the right resources and some dedication, all organizations can take the steps necessary steps to protect their users data.

Also read: How Being Data Protection Trained Can Help With Job Retention

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us