Security professionals need to know the cybersecurity regulations and standards that apply to them. Nowadays almost every organization collects personal information in order to deliver its service, and every piece of that information carries heavy responsibilities with it. Laws protect particular types of user data to make sure they do not fall into the wrong hands. Depending on where they were drafted and passed, and on the jurisdiction they apply to, these laws are enacted and enforced in different ways. The growing number of cybersecurity regulations and standards is producing a complicated web of compliance obligations for businesses all over the world. A few key themes emerge loud and clear when studying this large and rising volume of regulation.
In this article, we list the cybersecurity regulations that place the most demanding requirements on organizations:
Cybersecurity Regulation I: EU GDPR
The EU General Data Protection Regulation (GDPR) was adopted on April 14, 2016, and the deadline for compliance was May 25, 2018. The GDPR intends to create a common data protection standard for all EU member states. One of its changes is that it redefines geographical borders.
It applies to companies that operate in the EU or handle the personal data of EU citizens. If an EU citizen’s data is processed, the entity is subject to the GDPR regardless of where the data is handled.
The most significant sections to remember regarding this law are:
Every publicly held company is expected to appoint a data protection officer (DPO). DPOs help your company monitor internal compliance, advise you on your data protection obligations, and provide information about Data Protection Impact Assessments. They can be an existing employee or externally hired, but they must be independent and an expert in data protection.
Each company must have appropriate technical and administrative measures in place to protect user data, and should expect to be held accountable in the event of a data breach.
Every security breach must be reported to the authorities within 72 hours. Individuals whose personal data has been affected must also be contacted and made aware of the risks they now face.
Failure to comply with the GDPR can have serious consequences for a company. In the worst case, you will be required to pay a fine of up to 4% of your yearly global sales.
Cybersecurity Regulation II: HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law by President Bill Clinton on 21.08.1996 as a federal measure enacted by the 104th United States Congress. It modernized the flow of healthcare data, defined how personally identifiable information held by the healthcare and health insurance industries must be protected against fraud and theft, and addressed various limitations on healthcare insurance coverage.
Cybersecurity Regulation III: PCI-DSS
The Payment Card Industry Data Security Standard (PCI DSS) is intended to ensure that all businesses that receive, process, store, or transmit credit card data do so in a safe and secure manner. The PCI DSS applies to any organization that accepts, transmits, or keeps cardholder data, regardless of size or transaction volume.
Regulation IV: CCPA
The California Consumer Privacy Act (CCPA) is the first regulation in the United States that comes close to replicating what the GDPR has accomplished. The law was passed to give California residents the right to access their personal data, to refuse the sale of their data, and to know what personal data about them is being gathered.
The purposes of the Act are to provide California residents with the right to:
1- Know what personal data is collected concerning them.
2- Know whether their personal data is sold or disclosed and, if so, to whom.
3- Say no to the sale of personal data.
4- Access their personal data.
5- Request a business to delete any personal information about a consumer collected from that consumer.
6- Not be discriminated against for exercising their privacy rights.
Cybersecurity Regulation V: 23 NYCRR 500
The New York State Department of Financial Services Cybersecurity Regulation (23 NYCRR 500) essentially requires financial institutions, including those in banking, insurance, and financial services, to assess their cybersecurity risk profiles and implement a comprehensive plan to effectively protect consumer data privacy.
The regulation calls for companies to:
- Conduct regular security risk assessments,
- Keep audit trails of asset use,
- Build protective infrastructure,
- Improve cybersecurity policies and procedures, and
- Maintain an incident response plan.