GDPR IN THE OFFICE
“While the overwhelming majority of IT security professionals are aware of GDPR, just under half of them are preparing for its arrival, according to a snap survey of 170 cyber security staff by Imperva.”
Many of you will already have had that initial conversation about your company having to adhere to the new GDPR rules on protecting personal data, tracking identities and so on.
GDPR stands for “General Data Protection Regulation” and will be enforced from 25 May 2018. It was put together by the European Commission to reinforce data protection and give people more control over how their personal data is used. Companies like Facebook and Google swap access to people’s data for use of their services, so it is now essential to have methods to protect our data and visibility of where that data is located. The current legislation was enacted before the internet and cloud technology created new ways of exploiting data, and the GDPR seeks to address that.
Having said that, GDPR should also offer companies a clearer and simpler legal environment in which to operate, making data protection law identical throughout the single market (the EU estimates this will save businesses a collective €2.3 billion a year).
By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy.
While your business tries to understand the legal implications of the new legislation, it is up to IT to put robust technological solutions in place to meet the GDPR obligations.
“nearly a third said they are not preparing for the incoming legislation, and 28% said they were ignorant of any preparations their company might be doing.” – Imperva
WHY SHOULD I BE INTERESTED?
There are two main reasons why you should be sweating the deadline for GDPR compliance:
- The potential high cost of achieving GDPR compliance
- The potential loss of customer data, as the fines can be as high as 5% of your company’s annual revenue! Enforcement will be extremely expensive. That’s why the fines for non-compliance will be enormous — to pay the salaries of those monitoring, investigating and enforcing the regulations.
HOW DO I GET READY FOR GDPR IN THE CLOUD?
When working with Cloud Service Providers (CSPs) such as Microsoft Azure, AWS, Google, IBM and others, it is important to note that some responsibilities are owned by you as the customer and some are owned by the CSP. Under GDPR you need to know which obligations you are responsible for and which are covered by your CSP.
There are four steps to the process of preparation:
- Discover – Find out what personal data you have and where it’s located
- Manage – Control how personal data is used and accessed
- Protect – Enforce security controls to prevent, detect and respond to vulnerabilities and data breaches
- Report – Keep required documentation, manage data requests and provide breach notifications.
Whilst I work with customers to help educate and direct them to become “GDPR ready”, it’s important to note that with the right combination of processes and tooling you can become GDPR ready within your own organisation.
Get started now by incorporating strategies around Data Security, Access Management and Data Protection.
Deadline 25 May 2018