To meet their new responsibilities, organizations must streamline their data collection strategies, starting with the process of obtaining consent from the data subject. Once consent is granted, the organization must ensure that the data collected is identified and managed effectively. Disparate systems must be connected and a holistic view of what information the organization has and how it is used must be created. This holistic view is essential when addressing issues such as the portability or complete deletion of personal data upon request. This is perhaps the second most challenging task for organizations in the wake of the GDPR, along with mechanisms to enforce data subject rights.
Breaches are lower on the list of responsibilities, but that doesn’t make them any less important. Before the GDPR, this was the requirement that received most of the public’s attention due to the potentially huge fines associated with a data breach. Previous legislation was not particularly powerful, whereas the GDPR was a real stick. Perhaps now, avoiding being hit by the stick is becoming a carrot for organizations.
In the event of a data breach, organisations must report the incident within 72 hours. An interesting quirk of the regulation, however, is that an organisation can decide on the seriousness of the data breach. If “the personal data breach is unlikely to pose a risk to the rights and freedoms of individuals”, it does not need to be reported. Reporting a data breach does not always result in a fine, and if an organisation does decide to do so, it must be accompanied by a significant amount of information. As such, the location of the personal data must be known to companies. Ensuring compliance with this requirement makes it difficult for organisations to prepare for the implementation of the GDPR.
Protecting collected data from cyberattacks