PROTECTION & SECURITY
GDPR came into effect 25th of May 2018.
The EU General Data Protection Regulation (GDPR) supersedes all member states’ data protection laws. The new Regulation expands the rights of natural persons, giving individuals more control over how their information is collected and processed, while putting pressure on organisations that process EU residents’ personal data to tighten their data protection processes.
It is a unified approach to the protection of personal data, covering; data maps, data processing, data subject rights, breach notification, protection training and assessments.
The GDPR applies to all organisations established in the EU and to organisations, whether or not established in the EU, that process the personal data of EU data subjects in connection with either the offering of goods or services to data subjects in the EU or the monitoring of behaviour that takes place within the EU. Personal data is any information relating to an identified or identifiable natural person.
HOW THE IBCOM INFORMATION SECURITY MANAGEMENT SYSTEM & ISO27001/17 CERTIFICATION HELP WITH GDPR OBLIGATIONS
ibCom's compliance to ISO27001/17 means that a lot of the proof of compliance to GDPR principles/obligations is already met - particularly in regards to people, process & technology based on controls based on ibCom specific risk assessments and the measures outlined in ISO27001/27.
But given the GDPR regulations are about the totality of the protection of personal data, ibCom's compliance makes GDPR compliance a lot simpler, but is only part of an organisations obligations to the GDPR.
An organisation needs to do its own audit in regards to people and processes, knowing the technology that is supported by mydigitalstructure is fundamentally aligned with GDPR principles, as verified via our ISO2001/17 certification.
PERSONAL DATA THAT IBCOM COLLECTS
TECHNICAL METHODS MYDIGITALSTRUCTURE USERS CAN USE AS PART OF THEIR GDPR OBLIGATIONS
Pseudonymisation of sensitive data is a key part of the technical protection of data when it is at rest. This can be achieved on mydigitalstructure using it's protection via encryption and tokenisation methods.
Example flow for tokenisation of personal contact information using mydigitalstructure and encryption (as on same service);
Before calling the CONTACT_PERSON_MANAGE method to store/persist the data:
If you do not want to encrypt data as part of tokenisation then you need to use a third party service.
|Protection & Security
|Official GDPR Site
|ISO27001 & GDPR