The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation that reinforces and binds together information security for all people inside the European Union (EU).
It supersedes the European Union Data Protection Directive of 1995, which led to different privacy laws in different European countries. GDPR is intended to protect personal data and establishes how organizations process, store, and ultimately destroy it when the data is no longer required.
IBM i Complying with GDPR
GDPR requirements cover best security practices. Here is a summary of these requirements, focusing on the items relevant to IBM i security.
- Establish data privacy as a fundamental right.
- Protect personal data for anyone based in the EU or handling the personal data of anyone in the EU.
- Protect this personal data via processes, technology and automation.
- Place direct legal obligations on data processors.
- Establish responsibilities of companies based in the EU or providing goods or services to anyone in the EU.
- Establish a baseline for data protection based on GDPR requirements.
- Elaborate on data protection principles: not only encryption but also assessment, prevention, and detection controls.