The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and aims to harmonize data privacy laws across the European Union. It gives precedence to individuals’ protection and rights and makes any business found to be non-compliant with its requirements accountable in the eyes of the law. Individuals will have enhanced rights to access, modify or erase their data or request its transfer to other platforms. Companies are required to adhere to international data protection standards, risking hefty fines if they fall short of the GDPR’s strict provisions.
The new regulation is likely to affect all areas of business, prompting major changes at organizational, procedural and technical security levels. Companies will have to reach a high level of data processing transparency: they must become aware of whose data they are processing and collecting, where it is going and who has access to it.
They will have to put threat detection controls and processes in place, adopt clear in-house data protection policies, and build and test incident response plans. In case of a data breach, companies will now have to notify their national data protection authority and, to absolve themselves of fines, must prove that they have taken all necessary measures to ensure individuals’ sensitive data is protected.
While companies cannot become compliant solely through technical improvements, these are essential to the security and integrity of electronic data. This is where sensitivity.io comes into play.
Security by Design and Default
One of the key requirements of the GDPR is the need for companies to put privacy and data security at the top of their priorities list when building applications by ensuring that security is baked in by design and by default.
What this essentially means is that data protection should be added into the development of business processes for products and services from the very beginning, rather than at a later stage in the development process. The GDPR further sets the privacy settings at a high level by default and mandates data minimization, namely that only data absolutely necessary to the use case should be held and processed by businesses.
Features that were a secondary concern before, such as sensitive data security, will thus become mandatory for all applications, processes and platforms collecting any sort of personal information from users. While this can mean more work for developers, as they will have to add more layers of security to apps and services, the appearance of cybersecurity APIs such as sensitivity.io can greatly reduce the effort it takes to make them GDPR compliant.
sensitivity.io offers powerful, customizable detection techniques that can identify and monitor data usage and movement within apps, services and platforms. SDKs provide an innovative approach to identifying, tagging, securing or encrypting data at application level and securely handling data inside applications, regardless of their infrastructure or language. These can be added to apps, services or infrastructure in a variety of ways, either as a strong system API, web JSON API, or a local/virtual cloud instance of the sensitivity.io Cybersecurity API as a service.
The Right to be Forgotten
Once the GDPR comes into force, individuals in the EU will have the right to request that their personal data be deleted. Consent for data processing can also be withdrawn and revoked at any time. While certain restrictions apply to the so-called right to erasure, companies have only one month to comply with a request once a data subject has submitted it. This means that companies must have the means to search and identify particular sets of data and erase them without undue delay.
sensitivity.io APIs can help developers design systems and products that comply with GDPR standards by adding in-app sensitive data scanning and classification technologies to any file and string. This will greatly simplify the process of deleting a particular set of information, by providing companies with an easy way to instantly search for the desired data and take remediation actions when it is found.
Sensitive Data in the Cloud
Under the GDPR, EU individuals’ data can only be transferred to countries outside the EU when the European Commission has deemed those countries to have adequate standards of data privacy protection, or through the use of standard contractual clauses for controller-to-processor transfers of personal data to third countries. These stipulations are likely to affect cloud storage services, as companies will now have to better understand what data is stored in the cloud, where it is located and how GDPR compliance is met.
Through sensitivity.io’s SaaS for Data Storage Services, companies can connect their accounts with popular data storage services such as Box, Dropbox and OneDrive and get unmatched visibility into their stored data.
Companies also have the option of using the sensitivity.io on-premise solution with its well-documented JSON API to get full control over integrations with external services, allowing or revoking access to them by a machine or a human at any time.
Once it comes into full force, the GDPR will revolutionize the way companies look at data protection. Security will receive a much-needed boost across the board, becoming one of the key features that apps, processes and platforms are built on. While this means more work for developers, technologies such as sensitivity.io were built to meet these demands and to simplify IT professionals’ monumental task of bringing privacy and data protection to the front lines of the development process.