The EU’s General Data Protection Regulation (GDPR) has changed the way organisations around the world approach data security. Even if your centre of operations is nowhere near Europe, you must take stock of your IBM i security controls and evaluate what this compliance law means for you if you are processing personal data from people located in the European Union.
The GDPR deadline has passed, but this law certainly hasn’t become less important. Being GDPR compliant and staying GDPR compliant is as critical now as ever—and it means we need to learn a totally new approach when processing personal data.
Changing Requirements Lead to Large Fines
Prior to the GDPR, a company had to notify the supervisory authority of a data breach, but there was no real mechanism or timescale for doing so. The GDPR specifies that organisations must implement organisational (process and procedure) and technological (software and hardware) measures to secure personal data. All data breach threats must be reported within 72 hours to the Information Commissioner's Office or the supervisory authority in your country.
One advantage of the GDPR is that an organisation is now only required to notify the affected individuals if a breach poses a high risk to their rights. This is probably why we haven't seen a great deal of news coverage since May, but several organisations have received large fines.
Examples of Six-Figure GDPR Penalties
One example is the UK telemarketing company AMS Marketing, which was fined in August for making marketing calls to people who had opted out of receiving such calls via the Telephone Preference Service. This is a case of not implementing GDPR organisational procedures. AMS received a £100K fine.
Failing to implement sufficient technological measures is also a problem. One example of this is the Bible Society, which was fined £100K in June after a cyber attack compromised its computer network.
Nobody is immune. Many police forces and even the Crown Prosecution Service in the UK have been fined since May. British Airways revealed a breach of their security systems in early September. This could be the highest fine since the GDPR became enforceable—or ever in Europe!
GDPR compliance is a challenge, but it is attainable even on IBM i. The security and compliance pros at HelpSystems have unparalleled expertise with the IBM i operating system, and we can help you implement the controls necessary to prevent a data breach—and avoid fines for non-compliance.