1 2 3 4 5 6 7 8 9 10
Third-Party-Whitepapers_Icon datasheet smart-tv white-papers videos tech-notes solution-briefs infographics case-studies brochures awards reviews podcasts guides

Forescout

5 Ways GDPR Will Change the Way We Do Business


By Jannine Mahone
Senior Solutions Marketing Manager – Compliance

Twitter: @JannineMahoneFS

Do you recall one of the largest breaches of personal data in 2017?

March 2017, Dun and Bradstreet: 33.6 million files.1 This data contained names, email addresses and telephone numbers. Although this is information that Dun and Bradstreet notes would “typically be found on a business card,” this data is included under the European Union General Data Protection Regulation (GDPR) definition of personal data.

According to the GDPR principles set out in Article 5, personal data must be: 2
(a)  Processed lawfully, fairly and in a transparent manner
(b)  Collected for specified, explicit and legitimate purposes
(c)  Limited to what is necessary in relation to the purpose for which it is processed
(d)  Accurate, relevant and kept up to date
(e)  Kept and stored for no longer than necessary for the purpose it was processed and in accordance with appropriate technical and organizational measures
(f)  Processed in a manner that ensures appropriate security that protects against unauthorized or unlawful processing, loss, destruction or damage

Companies need to consider two key factors: accountability and compliance. Under GDPR, companies will be more accountable for their handling of personal information. Key changes many companies will need to make are:

  1. Change how they collect, use and transfer personal data
  2. Make changes to or implement new IT systems dedicated to maintaining appropriate technical and organizational measures with a level of security appropriate to the risk
  3. Update privacy notices, policies, and contracts and terms with suppliers, customers, resellers and others
  4. Consider data privacy in product design by default, which may include pseudonymization and encryption of personal data
  5. Organizations must be able to notify the relevant supervisory authorities of a breach within 72 hours of discovery3

For a more detailed view of what organizations need to know to prepare for GDPR in the short time that is left, read our white paper.

1 Dun & Bradstreet database breached, 33.6M les vulnerable. https://www.scmagazine.com/dun-bradstreet-database-breached-336m-files-vulnerable/article/644419/
2 See Article 33: https://gdpr-info.eu/art-33-gdpr/
3 Official GDPR Text (PDF): http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

Contact Us

Toll-Free (US): 1-866-377-8771
Tel (Intl): +1-408-213-3191
Support: +1-708-237-6591

Headquarters
190 W Tasman Dr.
San Jose, CA, USA 95134

Also of Interest