How to carry out the 3 obligations in the field of security, in order to comply with the GDPR
One year has already passed since the General Data Protection Regulation (RGPD) came into force, which affects any company in the European Union, which collects or stores personal data of its clients and workers, guaranteeing that said data is protected, regardless of where they are shipped, processed or stored.
The processing of personal data for various purposes and different volumes of information and complexity is a reality within the daily activity of companies and for this reason, companies must be very aware of the actions they must take in order to comply with the GDPR , especially in the field of security.
Complying with the GDPR implies for companies 3 obligations in the field of security:
- Protect personal data
- To be able to demonstrate to the AEPD that we are protected with concrete measures.
- Being able to detect security breaches and notify them in less than 72 hours.
On this third point, there are usually many questions in this regard and we want to tell you that the Spanish Data Protection Agency (AEPD) recently launched a guide to help companies manage and notify security breaches to the AEPD . The guide, whose link we include at the end of the article, is directed to companies that store personal data and indicates how to report incidents with this type of information, something mandatory since the entry into force of the new data protection law last 25 May 2018.
Currently companies "It takes an average of two to three months to realize there is a problem", so it is logical that the agency Recommend the document to clearly help you know how to proceed in these cases. To do this, with the aim of being able to discover quickly an incident in terms of privacy, the agency recommends considering symptoms such as network slowdown, but especially emphasizes have alert and remediation systems. Likewise, the agency affirms that once the breach has been detected, classified and notified through the AEPD's digital portal, "it is possible to regain peace of mind." However, if the security breach poses a high risk to rights and freedoms, it is mandatory to inform, in addition to the public agency of the problem, to affected people, "with a clear and simple language and in a concise and transparent way".
How does Microsoft 365 help you?
Microsoft 365 is in a unique position to help you comply with the GDPR , offering you the most complete set of compliance capabilities on the market, much broader than any other cloud service provider.
Microsoft 365 solutions help you comply with the regulation like this:
- Identify personal data and where it resides, regulate its access and use, and establish adequate security controls.
- Keep data protected across all cloud and on-premises devices, applications, and services using Microsoft 365's built-in classification, labeling, and protection features, as well as identity protection features.
- Detect and react to theft of personal data: On the one hand, it helps us detect accidental information leaks and, on the other, to detect cyber attacks and thefts, in order to be able to know the details of what happened instantly and if necessary, be capable of reporting to the agency in less than 72 hours, as required by regulation.
Bottom line: By deploying Microsoft 365 well and fully, you'll have GDPR compliance at your fingertips. And no matter where you are on your way to comply with the GDPR , at Softeng, as partners specialized in Microsoft cloud solutions we can help you meet the requirements of the new regulations.