New EU General Data Protection Regulation (GDPR): An IT Security View (TripWire.com)

Read the full article on TripWire.com 

The new EU General Data Protection Regulation (GDPR) is the biggest shake-up in privacy legislation and data management approach for many years. It will impact any organisation throughout the world that processes personal data relating to EU citizens. Organisations that breach the regulation can be fined up to four percent of their annual global turnover or 20 million Euros, whichever is greater.

Breaches will apply to firms that do not have adequate customer consent for processing their personal data or violate the principle of the privacy-by-design concepts and model.

It is crucial to note that both data controllers and processors are subject to the rules, especially if they fail to either carry out a privacy impact assessment or notify the authority (ICO, the Information Commissioner’s Office, in the UK) about a breach.

In this article, we will look at GDPR from the IT security perspective where ISO 27001 plays an important role.