Are You Ready for The New European General Data Protection (GDPR) Law?

A new EU regulation, European General Data Protection Regulation(GDPR) [1] has been proposed to improve the data protection of individuals. This regulation is the subsequent to the 1995 directive. It was agreed on 17 December 2015 and its implementation starts from 2018.

All the EU-based organizations that work with personal data records of individuals come under this law. Data records include but not limited to name, email, contact number, photo, bank details, addresses, social media network posts, computer’s IP addresses and medical information; no matter if this information is private, professional, public or personal.

As you can imagine, every company will be impacted by this law.

We wrote another article on this topic to explain GDPR in more detail and the impacts it has to companies that operate mobile apps.

The following security rules are encompassed by the GDPR:

1. Right to Delete Data

The users need to provide an explicit permission to the companies for them to handle the personal data. The individual users have the right to get their data deleted, and all the companies who have any data related to the individuals will have to fulfill the request.

2. Data Portability

The users can ask the companies how they are using the data and how they are exchanging with other service providers e.g. mobile operators.

3. Data Breaches

All data breaches that can affect the privacy of an individual in any regard should be informed to the national authority by the companies. The companies also have to tell the individual about data breaches and advise the user on security measures such as changing the passwords, etc.

4. Privacy by Design and by Default

Companies are advised to design their information systems while keeping privacy and security in mind, especially cryptography, pseudonymization, and anonymization.

5. Data Protection Officer (DPO)

There should be a Data Protection Officer post in every company that has more than 250 employees. The officer will oversee the data security of the company, and it's recommended to have a full-time contractor or employee for this position. Companies with less than 250 employees also need to assign someone this role if they working with personal data records.

What does this mean for individuals and companies?

If any company doesn’t comply with the regulation and doesn’t integrate the security rules that the law has mandated to their security policies, then they are subjected to a fine of 2 % from their annual worldwide turnover or up to 1,000,000 EUR.

The impact of GDPR will be really interesting. Though all individuals will be happy that they will have same right on their personal data records, companies and organizations will have to integrate security rules, change organizational or business processess which are probably difficult tasks.

Every application gathers and processes data in one way or the other. Hence, the application developers will have to think about the security aspect of their apps. Today, we are facing severe application security failures. We recently wrote an article explaining why mobile apps suck in security. Fortunately, it is not necessary to reinvent the wheel and implement security measures from scratch. There are many companies who focus on security measures, and integrating a widely used and proven security solution is easy and more cost effective rather than building a new one.

Take this short survey https://teskalabs.com/surveys/gdpr to see if your organization will be impacted by GDPR.

Alternatively, contact us to know more about our application security platform and prevent major cyber threats related to the apps that can affect your organizational and user data privacy.

Reference

  1. https://www.dlapiper.com/en/us/insights/publications/2016/04/european-gdpr-are-you-ready

About the Author

Jiri Kohout

TeskaLabs’ VP of Application Security, Jiri Kohout, brings years of experience in ICT security, having served as the Chief Information Security Officer for the Ministry of Justice and Chief Information Officer for Prague Municipal Court. He cooperated with the Czech National Security Agency to prepare the Czech Republic cyber security law.




You Might Be Interested in Reading These Articles

The Most Prevalent Wordpress Security Myths

WordPress web development may not seem like a challenging task. Since this platform has been in existence, a wide range of Web developers have handled projects of this nature. However, the top web development companies are not always aware of the issues and problems that take place when it comes to security.

Continue reading ...

security

Published on April 15, 2019

How TeskaLabs Helped O2 Improve Customer Satisfaction of eKasa Point-of-Sale (POS), the Most Successful POS Product / Mobile Cash Register on the Czech Market

In 2016 the Czech government introduced a new law that required businesses to report their sales and provide Electronic Evidence of Sales (EET). This law calls for the adoption of a more modern point-of-sale system that enables businesses to meet regulatory requirements set forth under this law. During the next two years, the law will gradually impact more than three hundred thousand companies in the Czech Republic. O2, the largest integrated telecommunications provider in the Czech market, observed that many would need help complying with this law, maintaining data security and demanding excellent customer support.

Continue reading ...

security case-study pos

Published on August 08, 2017

Security Issues in Nissan’s Mobile App, NissanConnect, Could Potentially Put Users’ Data at Risk

As technology continues to advance, cars are increasingly becoming integrated into our mobile devices. Automotive brands are now releasing mobile apps, allowing users to connect their music streaming services, social networks, and search engines into the car’s system. One app that I’d like to highlight is NissanConnect, a mobile application from Nissan.

Continue reading ...

security audit

Published on May 28, 2015