Under the new EU GDPR/Dutch Wet Meldplicht Datelekken
Datalekken regulations as of January 1st, 2016, there is a legal obligation to report data leaks.
After years of consulting, drafting and negotiating at various levels, on 15 December 2015 the final compromise text of the EU General Data Protection Regulation (“GDPR”) was agreed. The Dutch mandatory Bill on Notification of data leaks (Wet Meldplicht datalekken en uitbreiding bestuurlijke boetebevoegdheid Cbp, the Bill) has entered into force already, as of january 1st 2016.
Report data leaks within two days!
In order to address and mitigate the consequences of the increasing number of security incidents involving personal data, the GDPR not only imposes requirements to implement appropriate security measures, but also makes it a mandatory requirement to report a data breach to the relevant data protection authority.
On average malware is present for 229 days before it is discovered. Because malware can create a data breach, detection has become even more relevant.
Technically Compliant with the regulation
When using the RedSocks Malicious Threat Detector, data breaches in the technical information infrastructure can be traced and it provides proof of the effective operation of the measures in the network. RedSocks worked together with SBR Powerhouse and have developed a classification, making it possible to include the findings and the proof of proper operation of RedSocks Malicious Threat Detector in the management system. This will enable companies and institutions to take an important step in controlling the risks in terms of liability and expenses resulting from the duty to report data breaches.
The @RedSocks Probe – a device that has access to fullpacket streams – is designed for point-to-point connectivity to a RedSocks Malicious Threat Detector (MTD), e.g., for time synchronisation, requires no dedicated Internet connectivity and has no on-board data storage. It is not possible for captured data to be leaked to the Internet, or to be stolen in the event of a breach. The @Redsocks MTD, acting both as flow collector and as analysis application, provides encrypted (forensic) data storage. In addition, the MTD supports transport over encrypted channels using (D)TLS, therefore transport is secure when third-party flow exporters are used.
It’s important for every organization to get everything under control as quickly as possible, to be able to limit as much financial damage as they can.
Suitable technical and organisational measures
The Mandatory Data Breach Notification Act also requires personal data to be secured in a suitable manner. Article 13 of the WBP
“The responsible party shall implement suitable technical and organisational measures to protect personal data against loss or against any form of unlawful handling.”
What actions arise for the DDPA whenever a data breach occurs?
- Identify the nature of the data breach;
- Measure the suspected scope of the data leak;
- Define the suspected nature of the damage ;
- The efforts undertaken to repair the damage;
- Identity and contact details of the official responsible for data protection ;
- Conduct measures to prevent any future data breaches.
How to remediate the damage and avoid regulatory fines? by becoming within 48 hours Technically Compliant with RedSocks MTD.