Current Magazine

RGPD: How To Secure Your Data?

Posted on the 15 November 2018 by Biznewsday

RGPD: How To Secure Your Data?

Ensuring the confidentiality and security of personal data is no longer an option in 2018. The General Regulation on the Protection of Personal Data reinforces the requirements in this area. For the sake of consumers ... and brands.
The massive leak of Uber data, those of 50 million customers, revealed in November 2017 ... the recent scandal Cambridge Analytica, or 87 million data of Facebook users unknowingly recovered by this firm that worked for the US President Donald Trump's campaign: the subject of data security is more relevant than ever. With cyber attacks, theft or fraud of personal data is even among the top five risks that the world must prepare to face in the next ten years, according to the Global Risk Report 2018 published by the World Economic Forum.

This is without counting on the arrival of the General Regulation on Data Protection (GDPR) on May 25, 2018. The text is in the direction of strengthening the security of treatment systems and infrastructure, but also the information to persons and supervisory authorities, in case of the personal data breach. However, the RGPD is not out of the hat, recalls Céline Mas, Associate Director General of the Institute Occurrence, it "follows the 1995 directive." But, she continues, "the RGPD is unprecedented because the text harmonizes European practices previously embodied by the supervisory authorities of each country, with notable differences." This harmonization "simplifies the management of trans-European projects through a shared approach and management", adds Michael Bittan, partner responsible for cyber risk activities at Deloitte.

Appreciate The Risks

"The marks are expected on the analysis of computing resources, the study of their vulnerability and the steps of protection and access control."
The first step, therefore: identify the processing of personal data, processed data, and the media on which they are based - servers, laptops, mobile, operating system, wi-fi, printed document, including. Then, assess the risks generated by each treatment on the rights and freedoms of individuals, identify possible threats and existing or planned measures to address them. "A procedure to test, analyze and regularly evaluate the effectiveness of technical and organizational measures to ensure the safety of processing" must therefore be implemented, says the Regulation. And this, from the collection to the destruction of data, through their storage.
"It is necessary to put in place a data access rights management approach, in order to quickly identify where the leak comes from," adds Céline Mas. Essential, when we know that 78% of them are due to employees internal to the company, intentionally or not - sessions left open, photocopies forgot for example (Quantic.fr).

Camouflage Personal Data

Among the austerity measures as of May 25, 2018: the encryption of personal data, that is to save them, to pass them in a locked and codified manner, and thus to provide the decryption key (s) to retrieve this data. Pseudonymisation is also a solution but may be insufficient if it is possible to identify the person concerned with certain additional information. A good technique is then the hash. The principle: replace the value of the data, the name of the individual for example, by a fictitious value which is a sequence of numbers, letters, and other characters. But, beware, warns Sara El Afia, "not to confuse encryption and hashing, and not to consider the latter as sufficient, because even if it is difficult to reverse, attacks are improving day by day. The anonymization solution, however, remains complex to implement, says Michael Bittan: "At present, this is not part of the priority of our customers for 2018. They are more focused on their roadmap and the realization of the various GDPR projects (cartography, in particular) and will tackle anonymization in 2019 or even 2020. "

Bet On Privacy-By-Design

Article 32 continues on the need to establish the means to ensure the confidentiality and integrity of processing systems, but also the means to restore the availability and access to personal data inappropriate time in the event of an incident. "At any time, the user can ask the brand to account for the use of its data," says the managing director of Occurrence, which must set up a "data bridge", a continuity plan . " All the more, in case of violation of personal data (Article 33), the data controller has 72 hours maximum to notify the CNIL. Without forgetting to inform directly the concerned users if the violation is likely to generate a high risk for its rights and freedoms. Hence the privacy-by-design approach, which "integrates the subject of data security at the source," notes Céline Mas. Sara El Afia adds: "From the beginning, privacy-by-design requires protecting IT resources, data transfers, access rights and awareness of different types of data." Indeed, privacy protection is then integrated into new projects, services or applications as soon as they are designed. "That saves millions of euros," argues Michael Bittan.


You Might Also Like :

Back to Featured Articles on Logo Paperblog

These articles might interest you :

  • The Worst Christmas Specials Ever. Still.

    Worst Christmas Specials Ever. Still.

    Exactly ten years ago I shared this wonderful relic of the Olde Days of the Blogosphere, by John Scalzi. It was old then, and it's even older now. Still make... Read more

    14 hours, 14 minutes ago by   Russellarbenfox
    SOCIETY
  • Happiness Is... Getting Used to the Mayhem

    Happiness Is... Getting Used Mayhem

    I know, half of the school holidays has gone by in a flash and we are nearing mid-December already! How can it be, right? That means we only have a few more... Read more

    15 hours, 44 minutes ago by   A Happy Mum
    FAMILY, SELF EXPRESSION
  • How Speaking Up Can Create Greater Happiness and Success

    Speaking Create Greater Happiness Success

    It's not always easy to find the words when you don't know what the reaction will be, but just how much do we avoid speaking up? According to research, 72% of... Read more

    The 11 December 2018 by   Ncrimaldi
    BUSINESS, CAREER
  • MDM Recordings Introduces TJ Miller

    Recordings Introduces Miller

    MDM Recordings unveiled a new member of their label family on Monday night at the Canadian Country Music Association office in Toronto, introducing a small grou... Read more

    The 11 December 2018 by   Phjoshua
    LIFESTYLE, SELF EXPRESSION
  • 15 Non-toy Gift Ideas for Kids

    Non-toy Gift Ideas Kids

    With Christmas just two weeks away, the pressure is on. And if your kids or the kids you’re buying for are like my kids, they really don’t NEED anything. Read more

    The 11 December 2018 by   Thesamanthashow
    LIFESTYLE, SELF EXPRESSION
  • Handle with Care: Consolidating Bill Traylor’s Artwork

    Conservator Catherine Maynor has extensive expertise caring for works on paper at the Smithsonian American Art Museum, including many by self-taught artists,... Read more

    The 11 December 2018 by   Americanart
    ART & DESIGN, CULTURE
  • Recipe: South African Three Bean Salad1 Min Read

    Recipe: South African Three Bean Salad1 Read

    Summer in South Africa means Braai - their word for BBQ. This light and bright salad makes the ideal complement to traditional BBQ fare. Serve it alongside... Read more

    The 11 December 2018 by   Healthytravelblog
    TRAVEL