Thursday, 22 February 2018

General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR), which replaces the 1995 EU Data Protection Directive, will come into force on 25 May 2018.

The GDPR increases individuals rights regarding their personal data and is intended to harmonise data protection laws across Europe.

It is particularly important that you review your current controls, policies, and processes to assess whether they meet the requirements of the GDPR

Google is committed to GDPR compliance across Google Cloud services and are helping customers with their GDPR compliance.

GSuite Administrators should visit https://cloud.google.com/security/gdpr/ and follow the links to review and accept the relevant TOS for their organisation


One of the critical aspects is Encryption!

It may well be that your current provider does not use or cannot guarantee end to end encryption. Google uses encryption to protect data in transit and at rest. Data in transit to G Suite is protected using HTTPS, which is activated by default for all users. 




The Google encryption pdf can be viewed here:-
http://services.google.com/fh/files/helpcenter/google_encryptionwp2016.pdf


Protection and Prevention is a much more effective strategy than reaction.



The GSuite service allows customers to leverage product features and configurations to further protect personal data against unauthorised or unlawful processing. For example:-


  • 2-step verification greatly reduces the risk of unauthorised access by asking users for additional proof of identity when signing in. Security key enforcement offers another layer of security for user accounts by requiring a physical key.
  • Suspicious Login Monitoring helps detect suspicious logins using robust machine learning capabilities.
  • Enhanced email security requires email messages to be signed and encrypted using Secure/Multipurpose Internet Mail Extensions (S/MIME).
  • Data loss prevention protects sensitive information within Gmail and Drive from unauthorized sharing. Learn more in our DLP Whitepaper.
  • Information rights management in Drive allows you to disable downloading, printing, and copying of files from the advanced sharing menu, and to set expiration dates on file access.
  • Mobile device management offers continuous system monitoring and alerts in case of suspicious device activity.
To learn more, please visit https://gsuite.google.com/security/

Conclusion


Google offers a GDPR specific page with additional information available at:-

https://cloud.google.com/security/gdpr/

and a GDPR centric document here:-

https://services.google.com/fh/files/misc/google_cloud_and_the_gdpr_english.pdf

GSuite accounts cost £3.30 per user per month and a 20% discount is available for annual commitment. In addition to the peace of mind delivered via having encryption you can also avail of a range of services that use secure protocols. 

With over 20 years operating with internet technologies and 7 years as a Google Cloud Partner we would be delighted to help you comply with forthcoming GDPR legislation.

We invite you to contact Des Donnelly via email at dd@memeonics.com or via our contact form at https://blog.memeonics.com/p/contact.html