By this time, most people in the information technology industry will be aware of the GDPR, thanks to security experts, journalists, trade publications, and others who have been constantly educating us about its significance. For folks who are new to this topic, here is a short overview of the GDPR from a layman’s perspective.
What is the GDPR?
The General Data Protection Regulation (GDPR) is the comprehensive overhaul of the data protection regulations that have already existed in the European Union (EU) for the last twenty years. The ultimate aim of this new regulation is to give EU residents more control over their personal data — what, how, why, where, and when their personal data is used, processed, or disposed of.
When will it come into force?
The European Commission brings the GDPR into force on May 25, 2018. That’s barely one month away from now. Any company that handles EU residents’ personal data, irrespective of the location of their headquarters, should become GDPR-compliant on or before the announced date, or face significant fines of up to €20M or 4% of their global annual revenue, whichever is higher, for GDPR violations.
What is personal data according to the GDPR?
Per the GDPR, personal data means any data that relates to “an identifiable natural person.” It covers a wide range of information including name, address and ID numbers, web data such as location, IP address, cookie data and RFID tags, health and genetic data, biometric data, racial or ethnic data, political opinions, sexual orientation, etc.
How can I comply?
- Identify personal data scattered across your company
- Control how personal data is used and accessed
- Prevent, detect and respond to data breaches
- Maintain comprehensive records of access to personal data
The role of a password manager in GDPR
The fundamental goal of the GDPR is to identify, control, and secure the personal data of EU residents. Here are a few areas where a password manager can help:
- Store passwords and other confidential data (including personal data) in a centralized encrypted vault
- Enforce the use of strong, unique passwords for each account and ensure periodic password rotation
- Restrict access to organization accounts that give access to personal data, based on job roles and responsibilities
- Include an additional layer of security with two-factor authentication and password request-release workflow for sensitive accounts
- Audit who accessed what data and when
- Revoke access to confidential data whenever needed
- Grant access to sensitive accounts without revealing the password in plain text
- Offer an option to securely share passwords with contractors and temporary workers
- Safeguard confidential data from the hands of hackers and malicious insiders
To comply with the GDPR, organizations should ensure and demonstrate compliance in how they are handling EU residents’ personal data. Whether you’re a small business or a big enterprise, manually implementing all the above security measures will be highly time-consuming and cumbersome. But you can easily adopt them all and more with the help of a password manager like Zoho Vault. Try Zoho Vault now.
Important Note: Fully complying with the GDPR requires a variety of solutions, processes, people, and technologies. Together with other appropriate solutions, processes, and people, automated password management helps reinforce IT security, prevent data breaches and comply with the GDPR. To learn more about the GDPR, check our resources: https://www.zoho.com/gdpr.html