GDPR - AML On-Line by CubeIQ Limited

General Data Protection Regulation


The General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, was approved by the European Parliament on 14 April 2016 and entered into force 20 days after its publication in the Official Journal of the EU. As a Regulation it is directly applicable in all EU Member States without national implementing legislation. It applies from 25 May 2018, two years after its entry into force, after which bodies, companies and organizations that do not comply face heavy fines.


The GDPR replaces the EU Data Protection Directive 95/46/EC and aims (a) to harmonize data protection law across Europe, (b) to protect and strengthen the privacy of individuals in the EU and (c) to reshape the way organizations operating in the EU approach and manage the security of personal data. The GDPR also requires much closer co-operation between the independent national supervisory authorities (the national Data Protection Authorities), including a lead supervisory authority and a consistency mechanism for cross-border processing.



REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).


DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.



When does the GDPR apply?

The Regulation applies in all EU Member States from 25 May 2018.

Who does the GDPR affect?
The GDPR affects all EU bodies, companies and organizations, private, public and state-controlled, that hold and process personal data. It also applies to companies and organizations established outside the EU that process the personal data of individuals in the EU in connection with offering them goods or services or monitoring their behaviour (Article 3). Note that the Regulation protects data subjects who are in the EU, not only EU citizens.

What is considered personal data?
Any information relating to an identified or identifiable natural person (the "data subject"), that is, information that can be used to identify the person directly or indirectly, is personal data. This can be anything from a name, a photo, an email address or bank details to posts on social networking websites, medical information, location data or an online identifier such as an IP address.

How is it applied?
From 25 May 2018, bodies, companies and organizations operating within the EU must implement appropriate technical and organizational measures to protect the personal data they process, taking into account the state of the art, the cost of implementation and the risk to individuals (Article 32); pseudonymization and encryption are named explicitly among those measures. Companies outside the EU that process the personal data of individuals in the EU are subject to the same requirement.

What are the penalties for violations?
In the event of a personal data breach, organizations (a) must notify their national Data Protection Authority without undue delay and, where feasible, within 72 hours of becoming aware of it (Article 33), and (b) for infringements of the Regulation face administrative fines of up to 4% of their total worldwide annual turnover or 20 million Euro, whichever is greater (Article 83). A lower tier of up to 2% or 10 million Euro applies to some infringements, including failure to notify a breach.


Companies’ obligations under GDPR

Follow the basic data protection principles (lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability).
Transfer personal data to non-EU countries only under certain conditions (an adequacy decision, appropriate safeguards such as standard contractual clauses or binding corporate rules, or a specific derogation).
Give partners (processors) access to the personal data they manage only under controlled and secure conditions, under a written contract, and only if the partner can demonstrate compliance with the GDPR.
Develop and use electronic procedures and tools so that individuals can exercise their rights over their personal data (access, rectification, erasure, restriction, portability, objection) promptly, normally within one month, and free of charge.
Notify and inform individuals clearly and promptly about how their personal data is processed and about their rights.
Ensure the protection of personal data throughout its life cycle, from collection to deletion.
Keep records of every personal data breach and notify the national Data Protection Authority within 72 hours of becoming aware of it; where the breach is likely to result in a high risk to individuals, also communicate it to them directly, or by public announcement if direct communication would involve disproportionate effort.
Be able to demonstrate compliance with all GDPR requirements (accountability).

CubeIQ approach for GDPR Compliance

Data Risk Assessment
The first step is to assess the organization's risk from personal data processing under the General Data Protection Regulation (EU) 2016/679. This is done by registering and analyzing the organization's business processes that involve personal data. The assessment delivers:
Integrated data risk assessment mapping the organization's processes that involve customers', partners' and employees' personal data.
Detailed and comprehensive view of where identifiable personal data is stored, who accesses it and how it is processed.
Data breach evaluation and risk scoring (data assessment scoring) based on where data is stored, who has access to it and how it is processed.
Graphical illustration of compliance gaps against the GDPR.
Roadmap for GDPR compliance with recommendations for immediate action.
Instructions and recommendations for building an agile but robust data protection framework.
Input into the organization's future technology choices on data protection and security.
Snapshot of the GDPR legal landscape and the organization's potential exposure.
Easy, fast reporting of potential breaches.
Vendor risk management for audits.

Data Risk Remediation
CubeIQ has the tools, methods and processes to help any business that holds and processes individuals' personal data comply with the General Data Protection Regulation (EU) 2016/679:
Data encryption systems and Hardware Security Modules (HSM).
Data-at-rest protection: encryption of unstructured data, structured data, databases, disks and files, with key management.
Data-in-motion protection: network and WAN encryption with Ethernet encryptors.
Full PKI deployment: PKI encryption and decryption, signature and certificate generation and authentication.
Multi-factor authentication: physical OTP tokens (time- and event-based), soft OTP, out-of-band (OOB) OTP, mobile OTP and pattern-based OTP.
Digital Rights Management for document distribution: protection of Adobe PDF and Microsoft Office documents.
Physical and logical access control, physical access control with centralized management, and same-medium physical and logical access control with centralized management.
Endpoint security, including clientless endpoint security for monitoring and enforcing security policy.


AML On-Line by CubeIQ Ltd. :: www.cubeiq.gr

Copyright 2017. All rights reserved.