The new General Data Protection Regulation of the EU will take effect on May 25th, 2018. Let us take a quick look at what this regulation is all about.
The General Data Protection Regulation is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
Today, the field of data protection is regulated by each of the 28 EU member states' own laws. GDPR aims to erase the ambiguity brought forth by this.
GDPR concentrates on four distinct fields:
- Defines personal and sensitive data
- Details how these are to be handled
- Establishes fines for non-compliance
- Sets new requirements for breach notifications
But what is GDPR all about? Rights. Rights for EU citizens to have greater control of their data (personal data and sensitive personal data):
- Consent for personal data to be shared and processed
- Right to access personal data
- Right to be forgotten
- Right to portability
- Right to rectification
- Right to resist processing
- Right not to be subject to automated decision making
Of these rights, maybe the most important is the one about consent. Personal data may not be shared or processed without the explicit consent of the data subject. The data subject must be advised exactly and plainly on what data will be collected and how it will be used. Consent will be required for all processed or stored data, including systems already in place. Organisations will have to work out a way to gain consent which is fair, lawful and allowed.
With the new rights becoming law, organisations have to ask themselves: does this apply to me or not? This is best answered by a qualified lawyer, but in short: any data that represents an EU citizen has to meet the requirements; it does not matter where the data is stored or accessed from.
If an organisation is in the scope of GDPR, it may have to:
- Appoint a data protection officer (> 250 employees)
- Appoint a representative inside the EU
- Review data collection procedures
- Create a data protection awareness program for employees
- Perform initial and ongoing information audits
- Complete Data Protection Impact Assessments
To enforce compliance, the regulation opens the possibility for high fines.
- 2% of annual global revenue, or 10 million euro (whichever is higher), for:
  - Data breaches
  - Not employing a DPO (when it would be needed)
  - Not conducting DPIA (Data Protection Impact Assessments)
  - Not keeping appropriate records
- 4% of annual global revenue, or 20 million euro (whichever is higher), for:
  - Failing to gain consent
  - Not upholding customer rights
  - Moving data outside the EU
Of course, these are only the maximum possible fines; their enforcement will be proportionate. However, non-compliance will have other impacts as well, such as damage to the company’s reputation and lost consumer trust.
Guides have been created and published for companies that detail the steps they should take to gain compliance. In general, they expect the companies to map what data they have, check if their processing is fair, lawful and allowed, remove any unneeded data (data minimization), create a procedure for consent handling, recognize the rights granted to individuals, create a risk assessment from the data subject’s perspective, reduce risks, have an incident response plan, and host security awareness trainings for employees; finally, do all this (and more) before May 25th, 2018.
A quick way to gain first impressions on your company’s compliance level is to use the self-assessment form provided by ico., which can be found here: http://www2.infosecinstitute.com/GDPR-Readiness
Keep Calm and Prepare for GDPR!
GDPR Compliance: What You Need to Know Before May 2018
Let’s Cut The Crap On GDPR by Carl Gottlieb
Virtual Session: GDPR without the Hype
Today I would like to take a break from our ongoing informative articles. Just lean back and have some fun reading about how software projects got their name.
Most computer users have dozens of passwords: banking websites, social media, bill payments, online retailers—all of them require secure logins. Because so many websites vary their password requirements, it’s hard to use just one password that’s easy to remember, not to mention what a bad idea that is.
Keeping your online identity secure requires the use of complicated and varied passwords, and managing all of them can be nearly impossible. 1Password is a multiplatform app designed to solve your problems.
- What is 1Password? 1Password is a password management app that stores all your login information behind one master password. It is available for iOS, macOS, Android, and Windows.
- Why does 1Password matter? Password hacking continues to grow in sophistication, making complex, hard-to-crack passwords essential. 1Password can auto-generate random passwords, greatly increasing account security.
- Who does 1Password affect? 1Password affects anyone who uses the internet. Secure passwords are essential in the internet age, and 1Password makes managing them incredibly simple.
- When is 1Password happening? 1Password has been on the market for 10 years and continues to grow in sophistication and ease of use.
- How do I make use of 1Password? Interested users can download 1Password at its website, in the App Store for iOS, and Google Play for Android.
What is 1Password?
1Password is an app used for managing the multitude of passwords each of us has nowadays. Put simply, it’s a secure vault where you can put passwords, credit card numbers, and other sensitive personal information.
1Password uses a single logon for access to all stored passwords, and users can also use their fingerprints to log in on applicable devices.
Users who want to share information among family members will find 1Password particularly useful: it has a family sharing system built right in. Administrators can share select information with certain family members, enabling parents and children to access shared accounts.
Apps are available for iOS, Android, Windows, and macOS. The desktop versions of the app can also automatically sign in to secured accounts if a user is logged in to 1Password.
Why does 1Password matter?
Information security has always been an arms race, and if anything it has only become more intense. It’s hackers vs. infosec professionals in a constant competition to one-up each other: that’s why apps like 1Password are so important.
1Password can’t guarantee you’ll never be compromised, but it’s a good start. The app itself uses AES-256 encryption, which is incredibly strong and nearly impossible to crack. It is made even more secure with the use of fingerprint scanning technology like TouchID: if you’re not the one with your phone, 1Password isn’t getting unlocked.
To round matters out, 1Password will automatically generate complicated random passwords for you. Since it fills them in automatically, you won’t need to worry about forgetting them.
In short, 1Password matters because hackers are getting better and better at cracking weak passwords.
Who does 1Password affect?
How many passwords does the average internet user have? It’s hard to know how many are unique, but the average US email address has 130 accounts registered to it. Anyone with even a fraction of that many accounts is affected by 1Password.
It is very tempting to reuse passwords or vary new ones just slightly, and that’s a serious security risk. 1Password can do a lot to nullify that risk on both mobile devices and traditional computers.
When is 1Password happening?
How can I make use of 1Password?
1Password is free to download and use, though some of its more advanced features will cost you money. Premium features can be unlocked for a one-time $9.99 purchase. Additional functions include:
- Additional categories (in addition to passwords, credit cards, and personal IDs)
- The ability to create custom fields in a stored item
- An Apple Watch app
- One-time password generation (available only on supported websites)
- Custom password organization and tagging
- The ability to create multiple storage vaults
A family plan with access for five people costs $4.99 per month and is billed annually.
Today the use of Microsoft Word is widespread in most organizations. Everyone uses it, but only a few know how to do so properly.
It is a frequent occurrence to open a document, only to find it misaligned or suffering from other styling errors. These issues can be distracting at best, but can also make the whole document unreadable. Knowing how to correctly create documents can avoid this situation and be of great benefit, including backwards compatibility with future MS Word versions. Many tutorials can be found on the internet about this subject; just to pique your interest, here are a few: