The General Data Protection Regulation (GDPR) becomes enforceable in the European Union (EU) on May 25th, 2018. Regardless of where your organization is located, if anyone in it handles personal data of a “data subject” in the EU, even a sales prospect, your organization must comply with the new regulation. This means you must comply with GDPR not only when handling your customers’ and prospects’ personal data (which includes names, photos, email addresses, bank details, social media posts, medical information and computer IP addresses) but also the data of people you contact and never sell anything to.
GDPR reaches every corner of the globe that touches, records or moves the data of a subject residing in the EU. Once May 2018 hits, both the coverage and the enforcement of GDPR will be unprecedented. Until now, enforcement of data security standards such as PCI DSS and HIPAA has often amounted to a slap on the wrist. Under GDPR, administrative fines can reach four percent of a business’s worldwide annual turnover or €20 million (over $22.2 million USD as of June 2017), whichever is higher.
With fines of this size at risk for noncompliance, businesses must be prepared for next May, when GDPR will inevitably change the way they handle data. Two particular points of distinction in GDPR are the “Right to be Forgotten” (the right to erasure) for any EU data subject, and “Data Breach Reporting.” The former requires that, should an EU data subject request the erasure of their data from your company’s database, your company must comply “without undue delay.” The latter requires that, in the event of a personal data breach, your company must notify the supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals’ rights and freedoms; a notification made after 72 hours must explain the delay. Since the clock starts at awareness and stops at notification, the breach first has to be detected, scoped and assessed, so a comprehensive, real-time view of your company’s information security environment is paramount for GDPR compliance.
In anticipation of its start date next May, here are five things your company can do to prepare for this massive shift in global compliance standards.
- Reinforce your endpoint security
Enterprise Mobility Management (EMM) systems were never designed as security or anti-malware systems, so they cannot operate as effectively as tools built to watch, track and then alert on (sometimes with automated remediation) cyber threats as they are happening in real time.
- Deploy Security Information and Event Management (SIEM)
To keep tabs on your data and on who is accessing (or even looking at) it, you need a 360-degree view of all user activity surrounding that data.
- Integrate MDM and SIEM into your IT SOC
All this event logging and event correlation must be rolled up into a single view of data security truth within your IT Security Operations Center.
- Your security policy should not clash with your mobile application functionality
Today, business workflows have been re-engineered to such an extent that being out of the office is no longer an excuse for not completing a task. The farther a device is from the corporate network, the more the device itself must carry the burden of security. But what is the effect on the applications running on that device?
- An alerting system that is integrated into the Service Desk
Given the 72-hour window for GDPR breach notification, Service Desk notification processes must be brought into the realm of IT security and compliance, so that a suspected breach is ticketed, time-stamped and escalated from the moment it is detected rather than after it has worked its way through a general support queue.
For more information on the GDPR standard and these five steps, please download the full whitepaper here. For more information on SyncDog products, visit syncdog.com.