The General Data Protection Regulation 2016/679 (GDPR) is an action passed by the European Parliament, Council of the European Union (EU), and European Commission to unify and strengthen data protection for all individuals and return control of personal data to citizens.
Enforceable on May 25, 2018, GDPR replaces Directive 95/46/EC of 1995. It does not require enabling legislation through the governments of individual member nations—making it directly binding and applicable. Further, the GDPR extends the concept of personal data to include any data element that may identify, directly or indirectly, the “Data Subject.” This includes a name, a photo, an email address, bank details, social network posts, medical information, or a computer IP address.
With controversial topics surrounding this regulation, much conversation will surely take place. For example, technology firms and industries that have long had data-retention requirements may find data destruction—the Right to be Forgotten detailed below—difficult to integrate. They will likely need to change both their processes and use of technology.
My New Solution Guide provides the most important things you need to know in an easy-to-understand format.
NY DFS enacted 23 NYCRR 500 to establish cybersecurity requirements for financial businesses in New York State. This regulation seeks to protect industry and consumer from cyberattack—requiring banks and other institutions to safeguard transaction records and consumer data.
Governor Andrew M. Cuomo stated: "New York is the financial capital of the world, and it is critical that we do everything in our power to protect consumers and our financial system from the ever increasing threat of cyberattacks. These strong, first-in-the-nation protections will help ensure this industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cybercrimes."
Unfortunately, anything written by legislators can seem complex or intimidating. Businesses without cybersecurity policies risk letting deadlines established under 23 NYCRR 500 slip past them. As a result, many are scrambling. These businesses need a rational voice to guide them.
With this in mind, BTB Security has distilled the most important things to know about 23 NYCRR 500 into a Solution Guide that presents this regulation in plain language—so that you can get ahead, remain ahead, stay compliant, and remain secure.