It’s National Cyber Security Awareness Month. And the General Data Protection Regulation goes into effect in less than a year. So, it seems like a good time to discuss data protection and encryption.
In a recent Ciena blog, Paulina Gomez does just that. Gomez, who's in product and technology marketing, offers a rundown on GDRP deadlines and requirements. And she talks about new cyber security rules in New York state.
GDPR was adopted by European Parliament last year. It goes into effect in the European Union on May 25 of next year.
It applies to organizations that collect and/or process data from EU residents. That includes organizations based outside the EU, notes Gomez. It also includes the U.K., which will still be part of the EU at that point.
The goal of GDPR is to standardize data protection regulations across the EU.
“That includes everything from relatively innocuous details to highly private information, including names, home addresses, photos, email addresses, bank details, social media posts, medical information, or an IP address,” Gomez writes.
If a data breach does occur and is likely to harm those affected, the GDPR requires companies to notify authorities within 72 hours. The GDPR also elevates data breach fines to 10 million Euro (€10,000,000) – or 2 percent of total worldwide annual turnover – whichever is higher, Gomez explains.
She also blogs about 23 NYCRR Part 500, a new regulation that went into effect at the beginning of March in New York state. That regulation requires New York banks, insurance companies, and other regulated financial services institutions – including non-U.S. banks licensed in the state of New York – to assess and address their cyber security risks. Senior management of companies are required to file a certification each year demonstrating they are in compliance, Gomez says.
She also details the rolling date requirements of 23 NYCRR Part 500. To get those details, click here. And she talks about how Ciena’s WaveLogic Encryption can help organizations comply with laws like the GDPR and 23 NYCRR Part 500.
Edited by Mandi Nowitz