General Data Protection Regulation Enforcement & Compliance
by Marcia Cole, on May 15, 2018
The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018. GDPR is the EU’s data privacy directive that grants EU citizens more control over their personal data. For example, an EU citizen will now have the right to know what’s being done with their personal data, be deleted from any organization’s database, and have their data delivered to them in a portable format. With GDPR enforcement looming, organizations have been scrambling to understand what they need to do to be in compliance.
What does that mean for your organization? For Exosite, it meant that we re-examined and strengthened our commitment to data privacy and security. We’ve always been committed to the highest level of transparency and regulatory compliance. That means delivering the best customer experience, while ensuring we’re doing everything we can to protect your data and earn your trust, regardless of where you live.
So, we’ve taken this as an opportunity to update our data security policy and our terms and conditions for all users, giving you more control over your data. We’ve clearly defined how we use your data, how to request that your data be deleted, and how you can take your data with you.
We’ve also carefully reviewed our products to identify areas for updates and improvements. We started with an in-depth tour of how customer data flows all the way through our systems and back again. We verified how data travels, where data touches down, and how to get data out of the system in a portable format. As a result, we created new features in our products to support Delete Me, Opt In/Out, and Give Me My Data functionality for all users.
Exosite’s GDPR compliance comes on the heels of the ISO 27001 certification we recently achieved. The ISO 27001 family of standards helps organizations keep information assets secure by adhering to specific requirements for an Information Security Management System (ISMS). We were fully vetted during our ISO 27001 audit and have continued to improve our ISMS in support of our commitment to information security and data privacy.
In an age where anyone with the motivation and the tools can fashion your data subject* double, GDPR is an important step toward giving control of personal data back to you and making noncompliance with data privacy regulations punishable. However, such regulations are effectively a deterrent, not a guarantee, and we must all continue to stay vigilant when it comes to protecting our personal data.
Below is a short list of tips that everyone should follow to help ensure the privacy of personal data:
- Read the terms and conditions when you sign up for anything to understand how your data will be used, stored, shared, sold, etc.
- Be careful what you put out there! Your bits of data (images of your kids, location data, the social media share of your recent purchase or conference attendance, the free tax form tool you use) are all out there waiting to be aggregated into your data subject double by someone with the motivation and tools.
- Train your kids. Great resources here: https://www.sans.org/security-awareness-training/ouch-newsletter/2017/securing-todays-online-kids
- Monitor your accounts.
If you have additional questions regarding Exosite’s compliance with GDPR, please feel free to connect with one of our security experts.