The importance of protecting personal data
It is undeniable that people are increasingly immersed in the digital world, and through the digital transformation phenomenon, the increase in personal data that is made available on the web only increases.
It is difficult for a person who frequently uses the internet not to leave personal traces on the web, such as name, e-mail, address, bank details, etc. And this is not limited to registration forms. By using a device connected to the Internet, the user will probably be sharing some type of data.
But when making this type of information available on the web, it is difficult for a person to have control over how this data can be handled, at the risk of being used against them for fraud, which makes it necessary for companies to ensure the protection of personal data.
GDPR and LGPD
By analyzing the increase in the number of data leak cases from several companies, the European Union and the European Economic Area have seen the need to impose a set of laws that ensure the data privacy and protection of European users, being entitled as GDPR (General Data Protection Regulation), which subjects corporations that do not follow the rules to fines of up to 50 million euros.
After a short time in force, the law surprised everyone by collecting hundreds of millions of euros in fines, reaching large corporations such as Google, Marriot, and British Airways.
Even after major scandals in the market, the Capgemini Research Institute has found that less than 30% of European companies have adopted the law rules, which makes enforcement increasingly difficult.
After seeing the relevance of GDPR in Europe, Brazil has created a set of laws with the same goal: to ensure the privacy and protection of users’ personal data, with the forecast of coming into force in August 2020, which has been extended to August 2021 due to the COVID-19 pandemic.
The LGPD (General Personal Data Protection Act) is aimed only at Brazil, so all companies that have personal data from Brazilians must follow the rules.
The biggest difference between GDPR and LGPD is in the definition of what is personal data. The Brazilian law is broader concerning this, which makes it more comprehensive and rigid. For example: storing personal data on devices outside a structured security system is subject to fines.
How a PAM solution can help
A good way for companies to maintain the integrity of users’ information is by having a technology that ensures the protection of personal data, such as a PAM solution, which properly manages access to company environments according to privileged credentials.
It can also have a PAM password vault, such as the senhasegura solution, which offers some features to mitigate risks associated with the protection of personal data, such as:
- Granularity of permissions through access groups. This way, one can ensure that only authorized users can access privileged accounts).
- Establishing strict accountability for the use of privileged accounts. This is accomplished by tracking who accessed it, which accounts have been used, and what activities have been performed. It is possible to obtain full visibility of the actions in the environment.
- Quick detection and notification of any abnormal activity that could mean internal threats in progress. senhasegura offers complete management dashboards and reports to reduce the time to detect and solve incidents associated with privileged credentials.
Partnership between senhasegura and Renaissance
Intending to expand the senhasegura’s Privileged Access Management (PAM) solution around the world, and reducing the difficulties for companies to comply with GDPR rules, senhasegura has partnered with Renaissance, an Irish distributor of cutting-edge technologies.
According to Renaissance director, Michael Conway, privileged credentials are by far the most common entry point that threat agents aim at, so it is important to protect them.
Through an easy-to-implement solution such as senhasegura’s, complying with all LGPD and GDPR rules becomes an easy task, ensuring the protection of a company’s personal data.