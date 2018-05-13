BOSTON, MA / ACCESSWIRE / May 13, 2018 / Cybersecurity professionals at iboss, the developers of the world's first and only web gateway designed to solve the challenge of securing complex and distributed organizations, recently discussed the European Union's (EU) impending General Data Protection Regulation (GDPR) that will go into effect on May 25, 2018. GDPR will require every organization, regardless of location, that offers products or services to EU residents to comply with a strict set of data privacy and security measures, purposely resulting in effective global regulation for financial services firms who handle customer data. The iboss experts detail the new legislation while discussing what businesses must do to avoid any potential financial penalties.

As it stands, GDPR is binding on all 28 EU members and was designed to address the disruption to data privacy that has resulted from the rapid evolution of information technology and business models over the past two decades. The regulation will be enforceable by data protection authorities, referred to as "supervisory authorities", from each European country, who will be tasked with ensuring the compliance of organizations dealing with the data of EU citizens. While multinational companies, with their greater access to resources, are likely already able to meet most requirements, iboss believes that most smaller entities will need all the time available before inception to completely prepare. GDPR will replace the EU's existing data privacy and security regime, the Data Protection Directive 95/46/EC, which was enacted in 1995. The government found that supervisory authorities had little recourse against large, well-funded corporations who viewed the potential fines of violation ($184,540 to $1.1 million USD) as a mere cost of doing business. The changes under GDPR could see fines imposed up to $24.6 million USD or four percent of the offending company's global annual revenue.

Because the U.S. does not have a federal data protection law, measures are outlined in numerous state laws and regulations. As a result, with the advent of GDPR, American organizations which hold data on European customers must keep track of domestic regulations while also ensuring compliance with GDPR. Fortunately, the new requirements for data protection are in concert with most regulations in the U.S. There is currently nothing in the National Institute of Standards and Technology Cybersecurity Framework that conflicts with the practices required by GDPR. The regulation also features notification requirements modeled after U.S. breach notification laws -- the most significant difference being a shortened 72-hour time frame. Given that most breaches are not immediately discovered and can take time to determine the extent, this could pose a challenge for some entities.

Architected for the cloud, iboss' Secure Web Gateway platform provides an elastic, architecture that provides security through the cloud to secure any user, location or device regardless of where its located while eliminating the cost and latency associated with appliances. Backed by over 100 patents, the groundbreaking technology protects over 4,000 organizations worldwide, making iboss one of the fastest growing cybersecurity companies in the world.

