Cyber Security Expert Paulius Petretis Advises Action to Meet Data Protection Ruling

Paulius Petretis, leading cyber security expert and CEO of VORAS Consulting, advises businesses to take action now to comply with the new data protection rules, and reviews some of the many benefits.

Vilnius, Lithuania – February 05, 2017 – Paulius Petretis, CEO of VORAS Consulting, posted a new article on the company website entitled “May 2018 Deadline for New Data Protection Compliance.” Mr. Petretis provides a review of how the new ruling benefits both the private and business sectors.

“With the deadline quickly approaching,” writes Petretis, “businesses throughout Europe and the world are scrambling to hire information security experts to bring them into compliance with the new data protection rules.” He advises, “If you have not begun your conversation with someone to bring your business into compliance, you will want to begin the conversation soon because the deadline is just 13 months away.”

Petretis says, “In case you are not clear about the purpose of the ruling, I’m sharing information published by the European Commission, which states, ‘The proposed Regulation on Privacy and Electronic Communications will increase the protection of people’s private lives while, at the same time, open up new opportunities for business.’” According to Petretis, “Everyone stands to benefit.”

Petretis goes on to share a number of benefits, one of which states “One continent, one law, making a single set of rules, which make it simpler and cheaper for companies to do business in the EU.”

The entire article can be read here

 Paulius Petretis

Paulius Petretis is an information security expert, Certified Information Systems Security Professional (CISSP®), Certified Information Security Manager (CISM®), Certified Information Systems Auditor (CISA®), Certified in the Governance of Enterprise IT (CGEIT®) and Certified in Risk and Information Systems Control (CRISC®). He is a guest speaker at various conferences and seminars and a trainer at information security related training courses.

According to the annual survey initiated by Info Security Europe, a whopping 93% of large organizations and 76% of small businesses had at least a single information security breach in 2011. Only 18% of the organizations affected by the infringements related to data protection laws had a consistent and effective contingency plan in place. According to Paulius, information is not something static – it evolves and mutates every day. It is the ecosystem of every business and if a single cell fails, it can bring down the entire business.

Therefore, ensuring a consistent and up-to-date information protection policy must be the priority for all businesses – no matter how big or small they are. As it might be unrealistic to believe that any young or experienced entrepreneur can be a jack of all trades, the really smart decision is to rely on specialists who dedicate their professional lives to getting to know everything there is to know about protecting important business information.

With more than 16 years of experience in helping people, small businesses, and government organizations to protect their business secrets, Paulius believes that information security must help businesses achieve goals but not vice versa.

 

###

May 2018 Deadline for New Data Protection Compliance

With the deadline quickly approaching, businesses throughout Europe and the world are scrambling to hire information security experts to bring them into compliance with the new data protection rules. If you have not begun your conversation with someone to bring your business into compliance, you will want to begin the conversation soon because the deadline is just 13 months away.

In case you are not clear about the purpose of the ruling, I’m sharing information published by the European Commission, which states, “The proposed Regulation on Privacy and Electronic Communications will increase the protection of people’s private lives while, at the same time, open up new opportunities for business.”

Everyone stands to benefit.

The following is an overview of how the New Data Protection Rules will benefit private users and companies – large and small.

Clear modern rules for businesses

In today’s digital economy, personal data has acquired enormous economic significance, in particular in the area of big data. By unifying Europe’s rules on data protection, lawmakers are creating a business opportunity and encouraging innovation.

One continent, one law: The regulation will establish one single set of rules which will make it simpler and cheaper for companies to do business in the EU.

One-stop-shop: businesses will only have to deal with one single supervisory authority. This is estimated to save €2.3 billion per year.

European rules on European soil: companies based outside of Europe will have to apply the same rules when offering services in the EU.

Risk-based approach: the rules will avoid a burdensome one-size-fits-all obligation and instead tailor obligations to the respective risks.

Rules fit for innovation: the regulation will guarantee that data protection safeguards are built into products and services from the earliest stage of development (Data protection by design). Privacy-friendly techniques such as pseudonymisation will be encouraged, to reap the benefits of big data innovation while protecting privacy.

Benefits for big and small alike

The data protection reform will stimulate economic growth by cutting costs and red tape for European business, especially for small and medium enterprises (SMEs). The EU’s data protection reform will help SMEs break into new markets. Under the new rules, SMEs will benefit from four reductions in red tape:

No more notifications: Notifications to supervisory authorities are a formality that represents a cost for business of €130 million every year. The reform will scrap these entirely.

Every penny counts: Where requests to access data are manifestly unfounded or excessive, SMEs will be able to charge a fee for providing access.

Data Protection Officers: SMEs are exempt from the obligation to appoint a data protection officer insofar as data processing is not their core business activity.

Impact Assessments: SMEs will have no obligation to carry out an impact assessment unless there is a high risk.

Stronger rules: By updating the current Directive with a directly applicable Regulation, all people and businesses in the EU will enjoy the same level of protection for their electronic communications. Businesses will also benefit from one single set of rules across the EU.

Communications content and metadata: Privacy will be guaranteed for both content and metadata derived from electronic communications (e.g. time of a call and location). Both have a high privacy component and, under the proposed rules, will need to be rendered anonymous or deleted if users have not given their consent, unless the data is required, for instance for billing purposes.

New business opportunities: Once consent is given for communications data, both content and/or metadata, to be processed, traditional telecoms operators will have more opportunities to use data and provide additional services. For example, they could produce heat maps indicating the presence of individuals to help public authorities and transport companies when developing new infrastructure projects.

Simpler rules on cookies: The so-called “cookie provision”, which has resulted in an overload of consent requests for Internet users, will be streamlined. New rules will allow users to be more in control of their settings, providing an easy way to accept or refuse the tracking of cookies and other identifiers in case of privacy risks. The proposal clarifies that no consent is needed for non-privacy intrusive cookies improving Internet experience (e.g. to remember shopping cart history). Cookies set by a visited website counting the number of visitors to that website will no longer require consent.

Protection against spam: Today’s proposal bans unsolicited electronic communication by any means, e.g. by emails, SMS and in principle also by phone calls if users have not given their consent. Member States may opt for a solution that gives consumers the right to object to the reception of voice-to-voice marketing calls, for example by registering their number on a do-not-call list. Marketing callers will need to display their phone number or use a special prefix that indicates a marketing call.

More effective enforcement: The enforcement of the confidentiality rules in the Regulation will be the responsibility of national data protection authorities.

(http://europa.eu/rapid/press-release_IP-15-6321_en.htm)

VORAS Consulting works with companies, government agencies and businesses of all sizes. Become compliant with the new privacy protection requirements. Schedule a consultation today and make sure you are in compliance prior to the May 2018 deadline.