As the world moves towards a more encompassing digital age, an increasing number of companies collect and use customer data. Such data is protected by various regulatory requirements, which set guidelines (and, most often, strict rules) for how the data can be collected, processed, and protected. One of the most stringent legal frameworks dealing with data protection and security is the General Data Protection Regulation (GDPR).
Passed by the European Union (EU) in 2016 and in effect since 2018, the GDPR requires compliance not only by companies based in the EU, but any entity that handles the data of EU persons. Many US companies can be required to comply with the GDPR. Failing to meet the compliance requirements can have serious repercussions, which is why our team at CDG is ready to help with GDPR standards.
A US business or company will have to meet compliance requirements per the GDPR even if the entity’s operations are not solely based in the EU. For example, the provision of goods and services to customers in an EU member state will trigger compliance requirements. Furthermore, if a business can access or processes any personal data of EU customers, it will be required to comply with the GDPR.
The GDPR regulatory framework deals with the protection of personal data. Said data can include, but is not limited to, names, gender identification, physical and online location data, email addresses, home addresses, political opinions, and cookie information. Essentially, personal data is any sort of information that can identify a person. The GDPR compliance requirements are in place to ensure businesses process and store personal data in such a way that meets data protection principles of accountability, transparency, and confidentiality, among others.
Avoid a Data Breach Event and GDPR Fines:
Cyber Defense Group specializes in Incident Response and Security Engineering, enabling agile businesses to operate at speed. We protect our clients from cyber criminals, and we create robust security programs which can withstand current and future threats.
ISO27001 is an international standard for information security, published by the International Organization for Standardization. Organizations that meet ISO27001 criteria can be certified against the standard to demonstrate their ongoing commitment to data protection and information security.
SOC2 was developed by the AICPA for managing customer data based on “trust service principles”. SOC2 is primarily used for companies operating within the United States.
In order to prevent mass variance, the National Institute of Standards and Technology (NIST) – a non-regulatory part of the Department of Commerce – constructed a set of standards for all federal agencies to follow: the NIST Special Publication 800-53.
The Health Insurance Portability and Accountability Act is a US law enacted in1996 which governs the data protection and privacy of health records.
The European General Data Protection Regulation is a data protection and privacy regulation for EU citizens. Any company operating within the EU borders must conform to this regulation.
The California Consumer Protection Act is a California data protection and privacy law for residents of California. Most companies which hold information on California residents are subject to this regulation.
The CIS 20 is a list of 20 actions and practices an organization’s security team can take on such that cyberattacks, or threats, are minimized and prevented.
We protect our clients from cyber criminals, and we create robust security programs which can withstand current and future threats.