GDPR / PCI DSS Compliance
GDPR Compliance
The General Data Protection Regulation (GDPR), proposed by the European Commission and adopted by the European Parliament and Council in 2016, strengthens and unifies data protection for individuals within the European Union (EU), whilst also regulating the transfer of personal data outside the EU. It has applied since 25 May 2018.
Organisations need to put in place technical and organisational measures that demonstrate their compliance with GDPR, meaning new policies, controls and procedures will need to be developed and documented.
The primary objective of the GDPR is to give individuals control over their personal data. It replaced the 1995 Data Protection Directive and harmonises data protection rules throughout the EU, so the same obligations now apply in every member state.
GDPR applies to any organisation established in the EU, as well as to organisations outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU.
The legislation defines two roles for organisations that handle personal data: ‘controllers’ and ‘processors’.
A controller is the “natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”, while a processor is a “natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”. A controller must ensure that its contracts with processors contain the terms GDPR requires (Article 28), and processors now carry direct legal obligations and liability of their own, rather than being accountable only to the controller, if a breach results from their failure to comply.
Under the terms of GDPR, organisations must not only ensure that personal data is gathered lawfully and under strict conditions; those who collect and manage it are also obliged to protect it from misuse and exploitation and to respect the rights of data subjects, or face penalties for failing to do so.
Under GDPR, if your organisation suffers a personal data breach, the following may apply depending on the risk the breach poses to the individuals affected:
Your organisation must notify the relevant supervisory authority (in the UK, the ICO) within 72 hours of becoming aware of the breach, and must also inform the affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms
Your organisation could be fined up to €20 million or 4% of its total worldwide annual turnover, whichever is higher, for non-compliance with GDPR requirements
The UK Government's Cyber Essentials certification and the IASME Standard are a practical first step towards demonstrating the technical measures GDPR requires.
Cyber Essentials certification is evidence that you have carried out basic steps towards protecting your business and your data from internet-based cyber attacks, and the security measures an organisation had in place are among the factors the ICO takes into account when deciding on enforcement action after a breach.
PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security controls developed and maintained by the PCI Security Standards Council, a body founded by the major card brands. The standard covers the fundamental aspects of information security and extends through the people, processes and technologies involved in payment card processing systems.
PCI DSS is a detailed and granular standard that is mandatory for all entities which store, process or transmit cardholder data, as well as for organisations whose systems or services could affect the security of a cardholder data environment.
If your organisation wishes to meet the requirements of PCI DSS without undergoing a formal assessment, we offer consultancy services to help you reach the standard.
Our Qualified Security Assessors (QSAs) will lead you through the PCI journey from initial review to full alignment with the standard in the most efficient and least intrusive manner possible, so that your business can continue to operate while maintaining a secure payment processing environment.
If you want to know more please contact us.