
General Data Protection Regulation (GDPR)

What is the GDPR in simple terms?


The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for EU citizens. The GDPR aims to give EU citizens back control and transparency over their personal data: how it is used, by whom and for what purpose. Under the GDPR, personal data must be processed lawfully, fairly and in a transparent manner. Because the GDPR is a regulation, it is legally binding; if you are not compliant with it, you are breaking the law. It builds on the previous Data Protection Acts and brings them up to date with the technologies of today, in a world where data has become one of the most valuable assets an organisation holds. Since the 25th of May 2018, when the GDPR came into effect, businesses that do not comply risk significant fines of up to €20m or 4% of global annual turnover, whichever is greater.


Which businesses does the GDPR apply to?

The GDPR applies to any business (data controller or processor) anywhere in the world that processes personal data belonging to EU citizens. (Note: EU member states may apply some specific exceptions at a national level.) Personal data is any data from which an individual can be identified, either directly or indirectly. It includes names, addresses, location information and online identifiers, as well as special categories such as religious beliefs, political beliefs, sexual orientation and genetic data.


Accountability and Transparency

Under the accountability and transparency principles, businesses need to be able to clearly demonstrate that compliant processes are in place and that their technical systems implement data privacy by design and by default.


Are you a Data Controller/Data Processor or both?

The GDPR applies to both ‘data controllers’ and ‘data processors’. A ‘data controller’ determines the purposes and means of processing personal data, whereas a ‘data processor’ processes personal data on behalf of the ‘data controller’. Data processors need to maintain records of their personal data processing activities and carry legal liability if they are responsible for a data breach. It is the responsibility of data controllers to update their contracts with data processors to ensure they comply with the GDPR. Both can expect to be audited by the Data Protection Commissioners or Supervisory Authorities, but data processors have the added pressure of being audited by the data controllers as well.


Sharing and Transfer of Personal Data

Under the GDPR, businesses must take all reasonable measures to ensure that transfers and sharing of personal data occur over secure channels, and must apply security techniques such as encryption and data minimisation as appropriate. Businesses need a real-time, up-to-date view of their organisation’s internal and external transfers. The best way to achieve this is through a centralised data transfer management system, so that, for example, maps of transfers are always accurate and do not rely on manual updates of reference data.

The most common data breach reported by the UK’s ICO in Q4 2017 was personal data being emailed to incorrect recipients. Having file sharing solutions built with safeguards that mitigate such risks, and that enable businesses to demonstrate compliance, is key. It is no surprise that our recent nationwide survey across 175 SMEs showed that 3 in 5 IT managers have been tasked with reviewing their file sharing and data transfer solutions as part of their overall GDPR compliance project.

GDPR compliance is not a one-off exercise; it is an ongoing requirement. Putting the right technical solutions in place helps to ensure that compliant processes are followed throughout the organisation, can make passing data protection audits easier, and can help to build customer trust, which is the cornerstone of any good business. Start today with what you already know to be high risk and fix the easy things first!

6 Essential GDPR Requirements when Transferring Data

01 Data Protection by Design
02 Impact Assessments
03 Data Security
04 Principles & Safeguards
05 Data Retention Policies
06 Reporting

01

Data Protection by Design

Wizuda’s Compliant File Share and Compliant Data Transfer solutions are built with privacy and compliance by design. Both products include granular permission and security control settings, full audit trails, a host of features built around compliance, and evidence-based reporting, which together make passing data protection audits easier.


02

Impact Assessments

Under the GDPR, Data Protection Impact Assessments are mandatory wherever processing presents a high risk.

Wizuda CDT includes full impact assessment management, with the ability to link assessments to data transfers. This helps to ensure that compliance requirements are implemented at the transfer job configuration stage.

Wizuda CFS offers simple, customisable impact assessment tick boxes which the user is prompted to answer before sharing a file. Depending on the combination of answers and the resulting risk level, the message is either routed for approval or sent directly to the recipient.


03

Data Security

Wizuda supports the latest secure transport protocols, including HTTPS and SFTP, along with encryption and data tamper-proofing, so that your file shares and data transfers are protected both at rest and in transit.


04

Principles & Safeguards

Implement appropriate data protection principles such as data minimisation and safeguards such as encryption.

The Wizuda Data Minimisation module comes as standard in both products, removing the need for separate data transformation tools. This module enables users to minimise personal data by applying anonymisation, pseudonymisation and/or exclusion techniques in accordance with the GDPR.

Wizuda also supports the latest encryption technologies for all file share and data transfer operations.


05

Data Retention Policies

Apply automatic data retention schedules to reduce storage costs and to ensure your organisation keeps data only for as long as its data protection policy allows.


06

Reporting

The accountability principle in Article 5 of the GDPR requires businesses to be able to demonstrate compliant processes. Wizuda’s Evidence Based Reporting provides instant visibility over all file sharing and data transfer operations, making it easier to pass data protection audits.


Start your free trial today

The best way to understand the software’s functionality and capabilities is to experience it yourself. Sign up for our free 14-day trial today; no credit card is required.