GDPR – Control and Protection of Personal Data

The primary objectives of the GDPR are to give citizens and residents control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the European Union.
GDPR is designed to give individuals better control over their own personal data and establish a single set of rules across Europe.

Organizations outside the EU are also subject to this regulation when they collect the personal data of any EU citizen.

General Data Protection Regulation (GDPR)

Personal data is defined as any information relating to an identified or identifiable person. This includes online identifiers, such as IP addresses and cookies if they are capable of being linked back to the person. This also includes indirect information, which might include physical, physiological, genetic, mental, economic, cultural or social identities that can be traced back to a specific person. There is no distinction between personal data about an individual in their private, public, or work roles – all are covered by this regulation.

Companies will be required to “implement appropriate technical and organizational measures” in relation to the nature, scope, context and purposes of their handling and processing of personal data.

Data protection safeguards must be designed into products and services from the earliest stages of development. These safeguards must be appropriate to the degree of risk associated with the data held and might include:

• Pseudonymisation and/or encryption of personal data.

• Ensuring the ongoing confidentiality, integrity, availability and resilience of systems.

• Restoring the availability of, and access to, data in a timely manner following a physical or technical incident.

• Introducing a process for regularly testing, assessing and evaluating the effectiveness of the system or systems.

An important element of the regulation requires consent to be given by the individual or person whose data is held.

Organizations will need to be able to show how and when consent was obtained.

Individuals must be able to withdraw consent at any time and have a right to be forgotten: if the data is no longer required for the purposes for which it was collected, it must be erased.

Companies must report breaches of security “leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed”.

In the event of a personal data breach, companies must notify the appropriate supervisory authority “without delay and, where feasible, not later than 72 hours after having become aware of it” if the breach is likely to “result in a risk for the rights and freedoms of individuals”.

Vanguard offers a comprehensive approach to preparing for GDPR compliance; our advanced Audit and Compliance solutions range from comprehensive assessment to full-scale remediation. Contact Vanguard for more detail.