Tag: GDPR

  • Reblog: The GDPR primer: 5 Tips for getting your organization ready

    As the General Data Protection Regulation (GDPR) comes into effect on May 25th, many global organizations are still not fully aware of how this European legislation will affect their day-to-day operations.

    The General Data Protection Regulation (GDPR) will come into full effect in a few days. It will introduce tough new privacy requirements for companies in the EU, as well as anyone who handles EU data. The new set of laws imposed by the GDPR will give consumers significantly more control over the ways in which their data is collected, distributed, kept, and destroyed.

    To successfully prepare for GDPR, companies of all sizes need to establish a solid foundation for meeting compliance before the new laws come into play. We’ve compiled a list of tips you can follow that will help you align your business practices and processes with GDPR regulations. Our list is not exhaustive, but can help businesses put a few preparations into place in advance.

    1. Raise Awareness

    Businesses handling personal data both in and outside of the EU must begin by developing a full understanding of the GDPR and exactly what it entails. It’s vital to recognize that GDPR applies to organizations everywhere in the world as long as they handle data containing any personal information about EU citizens, no matter where the data is stored. Make it a priority to circulate training videos or documentation containing detailed information on GDPR regulations around your organization so that everyone can begin to understand how it applies to your business processes.

    2. Develop a coherent privacy policy

    Organizations will need to clearly communicate with customers the purpose for which they are collecting their data under GDPR, so writing privacy policies that are easily understandable should become a top priority. Consumers need to be aware of their rights to disclose or refuse disclosure of personal information and understand the specific purpose for which it will be used. The GDPR also outlines that any information that’s collected for a stated purpose can only be used for that purpose after obtaining consent.

    Most companies practice transparency, but privacy policies that bury their terms in fine print must be brought to the forefront and made legible and easy to understand, or you could be faced with a fine. The fines for data breaches are huge: in cases of violation, the GDPR gives EU regulators the authority to impose fines of between 2 and 4 percent of a company’s global revenues.

    3. Prepare your data breach policy

    GDPR is no different than many regulations in that it requires you to inform consumers about data breaches that may affect their personal information – but with one catch – you have to do it within 72 hours. It’s one of the tightest timelines out there in the compliance world and may require that you revise your current data breach policy. Ensure that your insurance policies and internal procedures for incident reporting reflect the new law.

    4. Assess existing technology risks

    When strict regulations come into play, organizations need to reexamine the solutions they use to send and receive consumer information – it’s important to assess which solutions may need to be upgraded or replaced. If your HR, finance, or other departments are currently using inherently non-secure means of transmitting sensitive data between countries, it’s time to reassess your options. A cloud fax solution, for example, eliminates several of the security risks that come with using traditional fax machines.

    Cloud fax software enables employees to send and receive sensitive documents directly from their workstations, which means no more printed documents left lying around potentially falling into the wrong hands or being otherwise misplaced. Full knowledge of your organization’s technology risks can present opportunities to leverage existing solutions that will get rid of any security gaps in your infrastructure and help enable GDPR compliance.

    5. Investigate innovative new technologies

    GDPR will require companies handling personal data to develop strong data discovery and incident detection processes so that they can keep track of where their information is, and is being sent, at all times. Not everyone has a data controller on staff, and refining these processes doesn’t have to be a complicated task. Consider secure file exchange solutions that automate some of the workload for you.

    Solutions with features such as a built-in audit trail function eliminate guesswork by keeping a timestamped record of all files and documents that are transferred, whether inbound or outbound. Not only can this boost organizational workflow, you’ll also have a chronological record of system activities in case you’re ever up for audit. It’s all too common for organizations to transfer consumers’ personal information without the proper safeguards in place, which is why looking into new technologies that can improve your processes is so crucial.

    By understanding the GDPR in advance, you’ll get a stronger grasp of its requirements and be well on your way to mitigating any risks associated with how you handle personal data. Looking to boost security when sending and receiving sensitive information? Speak with an expert today to learn about solutions that will help take your organization’s security and compliance to the next level.

    The original article can be found here.

    E-mail us on sales@rincon.co.in for more information and we will be glad to assist you.

  • Reblog: GDPR is coming into effect on May 25th of 2018.

    As you may have already heard, The General Data Protection Regulation (GDPR), one of the most sweeping data regulations the world has known, is coming into effect on May 25th of this year. GDPR will affect businesses on a global scale, yet a surprising number of organizations remain unprepared.

    Once GDPR is enforced, companies around the world that are found to mishandle, exploit, or lose EU citizens’ personal data will face huge penalties, including up to 4% of the company’s annual revenue. Businesses can also face penalties depending on whether and how they inform customers when they’re hacked. Despite the risks of not being GDPR compliant, a government survey conducted just a couple of months ago in the UK revealed that only 38% of businesses say they had heard of the GDPR, and among them, only a quarter had started making changes to their operations to get prepared. Since the GDPR act will be passed in the EU as a measure to protect its citizens’ data, one can only imagine the pace at which the majority of North American companies are moving towards compliance.

    With more than 35 years’ experience in the high-tech and unified communications sector, AVST General Manager Tom Minifie has seen his fair share of regulatory compliance shifts, as well as their impacts on organizations. During his educational session, GDPR: Impact on Security from EU to the US, at Enterprise Connect last month, Tom discussed a few of the key concepts outlined in the GDPR, their impact on organizations, and practical ways that companies can work toward compliance.

    1. Consent: The New Gateway to Obtaining and Storing Personal Data

    One of the major requirements under GDPR is that businesses will have to obtain consent from EU citizens when obtaining their personal data. Businesses will also have to be transparent with the intended purpose of holding onto said data – much of which will involve developing new, clear privacy policies that cover data retention and storage guidelines.

    “Each individual that does business with you, that causes an occasion for you to collect personal information associated with them, they’ve got to be able to opt-in, essentially. Somebody that goes to a website and wants to order something, they know that they’re providing you with some personal information. They’re entering a credit card number, and they know why they’re doing that, but that doesn’t mean you can hold onto that [data],” said Tom Minifie. “Typically, online, you’re going to be able to opt-in […] Those are the kinds of transactions that are absolutely mandatory.”

    Becoming more transparent and asking for consent during any transaction where personal data is obtained will look different for each organization. While institutions in the healthcare, government, and finance sectors may be ahead of the game when it comes to communicating the why’s and how’s of obtaining personal data, the implications of the GDPR act are far wider reaching. This means retail stores will need to be clear when they ask for customer email addresses at the check-out, NPOs will need to be upfront when obtaining consent for personal info used for surveys, and more.

    2. Redefining Key GDPR Terms: Processor and Data Controller

    When first learning about GDPR, one might think of data processor and data controller as positions within a company, perhaps only found in larger enterprises that require their expertise. Tom Minifie points to a much broader definition:

    “Essentially, any cloud provider is a processor. Anyone that’s processing data, may not be holding onto that data or doing anything with it for their own purposes, but if it’s flowing through their resources, then they’re a processor.

    AVST is a processor. We’ve got a number of cloud solutions for our customers. We host some communications solutions, and we have a security solution that people can use. As they’re using our hosted service, we are a processor when it comes to those companies. The data controller is the company itself.”

    Some companies do in fact have data processors and controllers on staff, but for any organization that processes personal data, ensuring that personal data is handled with the utmost care is the responsibility of the company as a whole, not just of management and compliance-dedicated employees.

    3. Important Questions to Consider

    Lastly, Tom offered some advice in the form of crucial questions for companies who are beginning to have conversations about achieving GDPR compliance:

    “Firstly, evaluate. What personal data do you actually have? What personal data are you storing, and what’s the purpose of that? Do you have a privacy policy so that any individual that you’ve got access to their personal data, do they understand through your privacy policy why you have that data? What data do you have, and why do you have it? What’s your use for that? Do you have High Availability/Disaster Recovery business continuity practices in place? Can you stand up and say ‘Look, we’re the protector of this data, and we’re not going to lose that data’? Even with an IT failure where you’ve lost a server or whatever, that data that was stored there, it’s not good enough to say, ‘Well, it’s gone.’ That’s not okay. You have to be able to recover that data as well.”

    When a major regulation like GDPR that forces companies to reconsider how they obtain, handle, and process data is looming, it can be intimidating for organizations of all sizes. Sometimes, the best way to navigate the complexity of a new regulation is with an honest appraisal of where your organization currently is. Then take steps, not necessarily great leaps, on your journey towards compliance.

    The original article can be found here.

    To learn more contact us sales@rincon.co.in

  • Reblog: 2018 Technology Trends

    Find out what XMedius Executive Vice-President and Chief Technology Officer has to say about GDPR compliance, data security, and upcoming tech trends for 2018!

    GDPR is coming into effect in May, what are some of the biggest impacts you think it will have on organizations?

    The General Data Protection Regulation (GDPR) is probably the most transformational digital legislation to ever come into force. Obviously, organizations are racing to meet compliance, but beyond the craze, GDPR will have a long-lasting effect on organizational information architecture in Europe and around the world. Europe is trailblazing with GDPR and it is likely to become the de facto privacy standard for the whole world.

    GDPR solidifies a new fundamental right for European citizens: they have an unalienable right over their personal information. Organizations collecting European citizens’ personal information are merely custodians and cannot claim ownership of that information. In the digital world, this is the most significant human right.

    Organizations have traditionally considered information they collect as theirs, so GDPR is significantly changing that state of affairs regarding personal information. In fact, not only are organizations relegated to the role of custodians, but that role now carries significant responsibilities in terms of protecting that information. Much like doctors or engineers in regard to their work, all organizations now have an obligation to protect the personal information they collect.

    As such, organizations have little choice but to build the foundation of an information security management system (ISMS), at least with a scope around personal information assets. This will do much to advance information security across the board. If done well, organizations can greatly benefit from the governance framework that will be in place to protect personal information.

    Another big change that GDPR will bring is that prior to GDPR, “digital” personal information had an extremely low “holding cost”. As such, information could be loosely managed, duplicated across several systems, kept for an indefinite period of time, etc. The new requirements around content, access, erasure and protections will create significant costs for collecting and holding personal information and will have a transformative effect on information architecture. With high holding cost, organizations tend to centralize information into a few, well protected & well-governed systems. This type of change will not come in the next 6 months, but is likely to be a long-term effect of GDPR.

    You were a panelist at a BrightTALK conference earlier this year after the prolific WannaCry ransomware attack that affected organizations worldwide. How can companies protect against ransomware in 2018?

    Ransomware protection is a great exemplification of the need for “defense in depth”. There is no silver bullet against ransomware. First, it’s important to understand that ransomware is here to stay, and likely to continue to increase in occurrence and intensity in the years to come.

    The rise of ransomware goes hand-in-hand with cryptocurrency becoming mainstream. Cryptocurrency provides a means to exchange cash equivalents in an untraceable fashion, allowing criminal organizations to expand their extortion business to the digital world with little means for authorities to hinder them.

    1. The economics of ransomware doesn’t make it effective to use zero day vulnerabilities to launch a ransomware attack – instead, they use well-known vulnerabilities. As such, the most effective protection measure against ransomware is aggressive patching practices. Patching is an ungrateful task. It interrupts users’ work, breaks systems in unexpected ways, requires testing and causes server downtime, but it is also one of the most effective ways to defend against ransomware by preventing breach and/or limiting its contagion. Take, for example, the two largest breaches of 2017: NHS and Equifax. Both would have been prevented and/or mitigated to a large extent if patching had been done properly. You don’t need fancy technology, just hard work, commitment and thoroughness.
    2. Backups. If your data is taken hostage, backups will be your best friend. But backups may not be enough in themselves. Ransomware targeting businesses may also target your backup server and/or may encrypt network storage used to store your backup. Offline or offsite backup is the best way to make sure that bad agents cannot prevent you from using your backups to restore data encrypted by ransomware.
    3. Anti-virus & anti-malware is your next line of defense. It helps to prevent the execution of known nefarious code/software. Anti-virus/malware is a requirement, but don’t let this lull you into a false sentiment of protection. Those technologies are not bulletproof, and malware can still get through.
    4. Security Awareness training and phishing impact training are also an important means of stopping ransomware. Users can be your best asset to protect against attacks, but they can also be your worst enemy.
    5. Advanced firewall/NIDS (network intrusion detection systems) may detect or block rogue agents communicating with their command and control, largely mitigating their impact.

    Confidentiality, integrity and availability (or the CIA triad) is a popular model for guiding information security policies within organizations. Are there any extra measures companies can take in 2018?

    Today’s information security model is commonly based on the CIA triad, but never before has information taken so many physical forms. With the advent of the Internet of Things (IoT), we may need to also evaluate the security objectives of information assets in regard to the physical integrity of human beings. This is particularly true for autonomous robots or vehicles.

    What is the appropriate level of security regarding human life? A good example of the blurred line of information vs physical security is the recent demonstration by researchers that autonomous driving systems could be “hacked” by putting simple stickers on a stop sign, rendering it unrecognizable and possibly leading to traffic accidents causing serious or fatal injuries.

    What is the acceptable level of physical protection required for implementing surgical robots? Armed robotic guards? Autonomous flying airplanes? Manufacturing robots? Drones?

    As AI and IoT create new forms of autonomous objects, there is a need to integrate security approaches on both information and physical security. An integrated approach is more likely to address all the risks and provide security controls that work towards common goals.

    As someone with their finger on the pulse of technology, what are some of the most innovative ideas you see emerging on the market in 2018?

    Zero UI: The combination of voice recognition technology, natural language APIs and deep learning is likely to finally deliver on the promises of Zero UI, where requests and responses can be achieved in a natural discussion, eliminating the need for a formal user interface. Zero UI has had some limited success in virtual assistants, but is now likely to refine and expand to more diverse systems.

    Specialized AI: Despite the hype, computers showing humanlike “generalized” intelligence is not around the corner – it’s still decades away. Nevertheless, computer systems managing to show human intelligence for performing very specific tasks are already available. These systems will revolutionize the workplace and are likely to transform it much like computers and the Internet did decades ago. AI will not “replace” humans per se, but change the way our work is done and make us more productive, allowing us to concentrate on higher value tasks. On the downside, this is likely to further increase the digital divide between workforces that can harness digital/AI and those who cannot.

    Compliance: The cost of cyber crime is already estimated to exceed $3 trillion, is likely to double by 2021, and is a phenomenon considered by experts to be “out of control”.

    Authorities across the world are putting together new regulations to impose some basic standards in terms of how organizations need to protect information assets. After HIPAA, FERPA, PCI-DSS and GDPR, more compliance regulations, whether compulsory or mandated, are likely to take force in 2018 and the years to come. All organizations will need to stay on the lookout and adjust their IT strategy accordingly. For those that are not prepared, the change will be painful.

    Automation: With salaries rising in East Asia, there is a trend to bring manufacturing closer to its intended market. Robots and automation have reached a tipping point in terms of the tasks they can perform and can now replace low-wage workforces in several areas. This will not only transform manufacturing, but also local services like restoration and retail, where several tasks can now be economically automated.

    Want to learn more about how you can enable compliance, prevent data breaches, and take your organization’s data governance to the next level? Speak with an expert today about solutions that cater to your specific business needs. Contact us.

    The original article can be found here.