{"id":448,"date":"2018-05-26T22:14:58","date_gmt":"2018-05-26T22:14:58","guid":{"rendered":"https:\/\/eset-blog.aist.fun\/gdpr-one-rule-to-rule-them-all-legally\/"},"modified":"2019-06-18T10:26:58","modified_gmt":"2019-06-18T07:26:58","slug":"gdpr-one-rule-to-rule-them-all-legally","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/","title":{"rendered":"GDPR: One rule to rule them all \u2013 legally"},"content":{"rendered":"

It’s almost here but what are the legal ramifications of the incoming legislation for businesses<\/p>\n

There is a certain similarity between J. R. R. Tolkien\u2019s The Lord of the Rings<\/em> trilogy and General Data Protection Regulation<\/a> (GDPR) coming to force tomorrow, May 25 2018. As weird as it may sound, the regulation puts in place standards identical to those of the One Ring \u2013 GDPR is here to rule the world of data protection the same way the One Ring ruled the others.<\/p>\n

In real life, this could be directly linked to unifying the different levels of the data protection legislation in each of the European Union (EU) countries. Except in this case, the One Ring is replaced by the single set of data protection rules across the EU. Thus, the regulation aims to protect any information that relates to \u201can identified or identifiable person\u201d \u2013 addressing the export of personal data outside of Europe as well.<\/p>\n

WeLiveSecurity spoke with Tom\u00e1\u0161 Mi\u010do, ESET Data Protection Officer, to clarify the essentials the regulation brings to businesses. \u201cIn Slovakia, where the cybersecurity firm ESET is based, we\u2019ve already had, by law the possibility to appoint a Data Protection Officer, so applying GDPR for businesses inside countries with similar requirements of legislation shouldn\u2019t have any significant impediments,\u201d he says.<\/p>\n

According to Mi\u010do, businesses have already invested significant time and energy into mapping all the processes and reviewing all the agreements as recommended by data protection professionals. \u201cMoreover, as GDPR has so-called \u2018downstream\u2019 effect, businesses need to apply the same principles to all their arrangements including those with third-party processors and sub-contractors,\u201d explains Mi\u010do.<\/p>\n

The main purpose of the new regulation is to minimize the unnecessary collection of personal data, including steps that prevent storing data that does not need to be stored, and securing the entire journey of the personal data in the company. However, the biggest challenges for businesses lie with the requirements for Privacy by Design, Privacy by Default, Right to Erasure, Right to be Forgotten and Breach Notification.<\/p>\n

The computer security companies around the globe are rightfully using this opportunity, offering solutions to mitigate the main risks connected to the regulation \u2013 selling encryption, two-factor authentication and other solutions to close any possible path for cybercriminals to get to the personal data that must be protected under GDPR.<\/p>\n

That\u2019s not all. Although businesses are successfully<\/a> deploying cybersecurity solutions to make sure personal data are properly processed and protected inside your company, there are other legal responsibilities that must be completed. One of them is to offer an easy-to-understand explanation of data processing, so customers are transparently informed about their rights resulting from this new regulation.<\/p>\n

\u201cBusinesses have to make sure they have consent, contract or other legal basis for processing all of the personal data protected by the regulation, for all their end users. For a middle size business, it can as well mean spending countless hours retroactively contacting all of them if their legal basis is not GDPR valid \u2013 including end users that businesses gained through third parties or sub-contractors,\u201d adds Mi\u010do.<\/p>\n

In addition, individuals have as well the right to request a detailed listing of all their personal data that is being processed, and request it from any vendor that works with the personal data of EU located customers, even if the company is not physically located in the EU. This is especially hard for all the e-commerce businesses and businesses that work with cloud services. And that is the reason why the majority of newsletters in last couple of weeks start with We have updated our privacy policy<\/em>.<\/p>\n

Moreover, businesses must have the information about the individual available at any time and keep it protected \u2013 encrypted \u2013 to be GDPR compliant. \u201cThis way the personal data, even when the company suffers a breach or is hacked, stay protected,\u201d says Mi\u010do. Perharps the greatest onus in the Breach Notification requirement, which forces businesses to have processes in place that will ensure the information about the data breach will make it to the appropriate data protection authority within 72 hour after it was discovered.<\/p>\n

If nothing else, penalties for non-compliance are quite a bite to swallow \u2013 looking at 2% to 4% of the company\u2019s global annual turnover, which is an expense no company can afford to take lightly. A recent survey by IDC<\/a>, however, reveals that for noncompliance, \u201cregulators are more likely to focus on progress toward the goal than penalizing those not quite finished with GDPR conformity<\/a>\u201d.<\/p>\n

In time, we\u2019ll see if the famous one rule to rule them all will find them all and and bind them as the legislators have predicted, or if everyone will meet in an unfulfilled GDPR Land of Mordor.<\/p>\n

For more information on GDPR, ESET has a dedicated page<\/a> to help ensure that you have all the information needed to cope with GDPR. To read more articles like this one, please follow WeLiveSecurity<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

It’s almost here but what are the legal ramifications of the incoming legislation for businesses There is a certain similarity between J. R. R. Tolkien\u2019s The Lord of the Rings trilogy and General Data Protection Regulation (GDPR) coming to force tomorrow, May 25 2018. As weird as it may sound, the regulation puts in place<\/p>\n","protected":false},"author":5,"featured_media":1956,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[152],"tags":[],"class_list":["post-448","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-gdpr"],"acf":[],"yoast_head":"\nGDPR: One rule to rule them all \u2013 legally - ESET Eesti Blogi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR: One rule to rule them all \u2013 legally\" \/>\n<meta property=\"og:description\" content=\"It’s almost here but what are the legal ramifications of the incoming legislation for businesses There is a certain similarity between J. R. R. Tolkien\u2019s The Lord of the Rings trilogy and General Data Protection Regulation (GDPR) coming to force tomorrow, May 25 2018. As weird as it may sound, the regulation puts in place\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/\" \/>\n<meta property=\"og:site_name\" content=\"ESET Eesti Blogi\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/antiviirus\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-26T22:14:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-06-18T07:26:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/GDPR_RuleThemAll-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"593\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ESET Blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ESET Blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/\"},\"author\":{\"name\":\"ESET Blog\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"headline\":\"GDPR: One rule to rule them all \u2013 legally\",\"datePublished\":\"2018-05-26T22:14:58+00:00\",\"dateModified\":\"2019-06-18T07:26:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/\"},\"wordCount\":834,\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/GDPR_RuleThemAll-1.jpg\",\"articleSection\":[\"GDPR\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2018\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/\",\"name\":\"GDPR: One rule to rule them all \u2013 legally - ESET Eesti Blogi\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/GDPR_RuleThemAll-1.jpg\",\"datePublished\":\"2018-05-26T22:14:58+00:00\",\"dateModified\":\"2019-06-18T07:26:58+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/GDPR_RuleThemAll-1.jpg\",\"contentUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/GDPR_RuleThemAll-1.jpg\",\"width\":1000,\"height\":593},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GDPR: One rule to rule them all \u2013 legally\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\",\"name\":\"ESET Eesti Blogi\",\"description\":\"Uudised IT maailmast\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\",\"name\":\"ESET Blog\",\"sameAs\":[\"http:\\\/\\\/eset.ee\"],\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/author\\\/allankinsigo\\\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2018\\\/05\\\/26\\\/gdpr-one-rule-to-rule-them-all-legally\\\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"ESET EESTI\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"GDPR: One rule to rule them all \u2013 legally - ESET Eesti Blogi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/","og_locale":"en_US","og_type":"article","og_title":"GDPR: One rule to rule them all \u2013 legally","og_description":"It’s almost here but what are the legal ramifications of the incoming legislation for businesses There is a certain similarity between J. R. R. Tolkien\u2019s The Lord of the Rings trilogy and General Data Protection Regulation (GDPR) coming to force tomorrow, May 25 2018. As weird as it may sound, the regulation puts in place","og_url":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/","og_site_name":"ESET Eesti Blogi","article_publisher":"http:\/\/www.facebook.com\/antiviirus","article_published_time":"2018-05-26T22:14:58+00:00","article_modified_time":"2019-06-18T07:26:58+00:00","og_image":[{"width":1000,"height":593,"url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/GDPR_RuleThemAll-1.jpg","type":"image\/jpeg"}],"author":"ESET Blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ESET Blog","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/#article","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/"},"author":{"name":"ESET Blog","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"headline":"GDPR: One rule to rule them all \u2013 legally","datePublished":"2018-05-26T22:14:58+00:00","dateModified":"2019-06-18T07:26:58+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/"},"wordCount":834,"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/GDPR_RuleThemAll-1.jpg","articleSection":["GDPR"],"inLanguage":"en-US","copyrightYear":"2018","copyrightHolder":{"@id":"https:\/\/blog.eset.ee\/et\/#organization"}},{"@type":"WebPage","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/","url":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/","name":"GDPR: One rule to rule them all \u2013 legally - ESET Eesti Blogi","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/#primaryimage"},"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/GDPR_RuleThemAll-1.jpg","datePublished":"2018-05-26T22:14:58+00:00","dateModified":"2019-06-18T07:26:58+00:00","author":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"breadcrumb":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/#primaryimage","url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/GDPR_RuleThemAll-1.jpg","contentUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/04\/GDPR_RuleThemAll-1.jpg","width":1000,"height":593},{"@type":"BreadcrumbList","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.eset.ee\/et\/en\/"},{"@type":"ListItem","position":2,"name":"GDPR: One rule to rule them all \u2013 legally"}]},{"@type":"WebSite","@id":"https:\/\/blog.eset.ee\/et\/en\/#website","url":"https:\/\/blog.eset.ee\/et\/en\/","name":"ESET Eesti Blogi","description":"Uudised IT maailmast","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.eset.ee\/et\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88","name":"ESET Blog","sameAs":["http:\/\/eset.ee"],"url":"https:\/\/blog.eset.ee\/et\/en\/author\/allankinsigo\/"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2018\/05\/26\/gdpr-one-rule-to-rule-them-all-legally\/#local-main-organization-logo","url":"","contentUrl":"","caption":"ESET EESTI"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=448"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/448\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/1956"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}