The recently approved European Union General Data Protection Regulation (GDPR) made it mandatory to report data breaches within 72 hours. This is easier
said than done. The penalties are either 4% of annual turnover or £20 million, whichever is greater.
Nuix is an information management solutions provider. Organizations around the world turn to Nuix software when they need fast, accurate answers
for digital investigation, incident response, information governance, e-discovery and much more.
Some questions we are being asked:
- What does it mean for business, law enforcement and regulators?
- What should a company do now with regard to their processes and procedures to ensure compliance?
- How will the GDPR encourage innovation and use of big data/investigation solutions?
- Does our organisation have enough initiatives to improve current investigations in response to compliance, regulation and concern for data loss?
- Do our current investigation solutions lack efficiency and effectiveness?
- Do we know where all our data resides and what data is relevant?
- And the big one: does it even matter after Brexit? I will give you a clue: it does!
Key points of the GDPR are as follows:
- Maximum fines for data protection breaches are 4% of global annual turnover;
- Mandatory reporting of serious security breaches to regulators and affected individuals;
- Stricter rules on obtaining consent, with companies no longer able to rely on “opt-outs” to justify data processing;
- New rights for individuals, including a “right of erasure” to require companies to delete their personal data;
- Direct obligations placed on data processors for the first time, including specific new requirements for existing and new data processing contracts;
- New overarching principles of “privacy by design” and “privacy by default”, requiring organisations to build in data privacy protections from the start
in all new products and services;
- Companies which process sensitive data on a large scale, or which monitor individuals on a wide scale, will need to appoint an expert, independent
and senior Data Protection Officer;
- Companies based outside the EU will be subject to the GDPR when offering goods or services in the EU, or monitoring individuals in the EU; and
- Pan-European businesses will have a lead data protection regulator in the EU country where they are mainly established (the so-called “One Stop Shop”).
One of the major products on the market for addressing these issues is Nuix. It has received media publicity recently in light of the Panama incident,
as it was used to catalogue all the data breaches and make sense of them in a timely manner. More information can be found here: https://www.nuix.com/panama-papers-how-nuix-helped-uncover-facts
We will be bringing out more information on GDPR to help educate our customers in the near future, but if you would like to discuss what we are doing to
help customers, email me personally at firstname.lastname@example.org.