How to meet the 3 security obligations needed to comply with the GDPR
One year has passed since the General Data Protection Regulation (GDPR) became applicable. It affects any company in the European Union that collects or stores personal data of its customers or employees, and requires that such data be protected regardless of where it is sent, processed or stored.
Processing personal data for different purposes, at different volumes and with different levels of complexity is part of the daily activity of companies. For this reason, companies must be very clear about the actions they must take to comply with the GDPR, especially in the field of security.
Complying with the GDPR implies 3 obligations for companies in the field of security:
- Protect personal data.
- Be able to demonstrate to the AEPD that the data is protected with concrete measures.
- Be able to detect security breaches and notify them within 72 hours of becoming aware of them.
On this third point there are usually many questions, so we want to let you know that the Spanish Data Protection Agency (AEPD) recently published a guide to help companies manage and report security breaches to the AEPD. The guide, whose link we include at the end of the article, is addressed to companies that store personal data and explains how to report incidents involving this type of information, something mandatory since the new data protection rules took effect on 25 May 2018.
Currently, companies "take an average of two to three months to realize that there is a problem", so it is logical that the agency recommends the document to clarify how to proceed in these cases. In order to discover a privacy incident quickly, the agency recommends watching for symptoms such as a slowdown of the network, but above all it emphasizes having alerting and remediation systems in place. Likewise, the agency states that once the breach has been detected, classified and notified through the AEPD's online portal, "it is possible to recover peace of mind". However, if the security breach involves a high risk to the rights and freedoms of individuals, it is mandatory to inform not only the agency but also the people affected, "in clear and plain language and in a concise and transparent manner".
How does Microsoft 365 help you?
Microsoft 365 is in a unique position to help you comply with the GDPR, offering the most complete set of compliance capabilities on the market, far more comprehensive than any other cloud service provider.
Microsoft 365 solutions help you comply with the regulation as follows:
- Identify personal data and where it resides, govern its access and use, and establish adequate security controls.
- Keep data protected across devices, applications and services, both in the cloud and on-premises, using the built-in classification, labelling and protection features of Microsoft 365, together with its identity protection features.
- Detect and react to theft of personal data: on the one hand it helps detect accidental information leaks and, on the other, attacks and data theft, so that you can quickly establish the details of what happened and, if necessary, inform the agency within the 72 hours set by the regulation.
In summary: deploying Microsoft 365 well and completely puts GDPR compliance at your fingertips. And it does not matter at what point you are on your path to GDPR compliance: at Softeng, as specialist partners in Microsoft cloud solutions, we can help you meet the requirements of the new regulation.