Eight Steps To The GDPR Countdown

Uploaded on 2017-06-02 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

One year from now, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect how businesses work with the personal data of citizens and residents of the EU. 

GDPR was approved a year ago and will be going into effect in another year. It applies directly to organisations within the EU, but also applies to organisations outside the EU if they 1) offer goods and services to the EU, 2) monitor the behavior EU subjects, or 3) process or retain personal data of EU citizens and residents. And the regulation can place very serious fines and sanctions for non-compliance.

Step 1: Partners
Select partners, legal, technical, and strategic, that might be qualified to assist with GDPR compliance. They should be familiar with the effects that the regulation will have on your particular industry. Your organisation's size and location might also factor into your decision.
Step 2: Readiness assessment
Do an early assessment of how you are often likely to be affected by GDPR. Determine if you have EU customers or handle data from partners and customers that do. Find out if your business has any plans to do business in the EU or might be hiring EU citizens sometime in the future.
Step 3: Get ready to tackle GDPR as a business initiative
Don't be lulled into thinking of the move to GDPR compliance as a technology-only project. Consider its impact on all business units – legal, financial, personnel, etc. Technology can certainly help to bring about your transition to GDPR compliance, but it's not a magic pill.
Step 4: Identify and map your data
Consider all the data that your business collects, processes and stores. Get a clear view of how it is stored and backed up, and how it moves through your organization. Also, consider who has access.
Step 5: Create a plan that exceeds regulatory minimums
While you're preparing for GDPR, take a broader look at all the data your organization processes. Pay particular attention to personal data and corporate intellectual property. Create and implement training programs to keep staff attuned to both risks and processes for proper handling of sensitive data. If you don't already have an incident response plan, create one. If you do, make sure that it's being followed and that records are kept so that your incident response performance can be reviewed.
Step 6: Document your audits
Be careful to document the steps that you take to audit your procedures and ensure that your control procedures are being followed. Proper records and evidence of your efforts to be vigilant in protecting sensitive information could be very valuable and help you to avoid fines if a security incident is identified.
Step 7: Protect data at rest and in motion
Don't lose sight of the fact that data moving across your network might be most vulnerable. Use encrypted connections whenever possible. Control and monitor who has access to shared drives. Remember, too, that jurisdiction and rules change as data moves across borders.
Step 8: Implement process automation
Use automation to avoid human error as much as possible. Heavily test your processes before relying on them. Think of GDPR compliance as one more reason to address operational inefficiencies across the board.
One year from now ...

This time next year, you could be confident that your processes and data protection measures are going to make this a good day, but you need to start focusing on how you're going to get to that comfort zone. The one-year countdown starts today.

Computerworld:     

You Might Also Read:

EU’s New Data Rules Are 1 Year Away:

Auditors Need To Know About Cyber Security:

Auditors Need To Know About Cyber Security:


 

« Russian Hackers Sow Disinformation Via Leaks
Ignoring Software Updates… »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

Volexity

Volexity

Volexity is a leading provider of threat intelligence and incident suppression services and solutions.

Farsight Security

Farsight Security

Farsight Security provides the world’s largest real-time actionable threat intelligence on how the Internet is changing.

IT Security Jobs

IT Security Jobs

IT Security Jobs is a dedicated portal for everything related to IT professionals looking for IT Security jobs.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

Critical Insight

Critical Insight

Critical Insight provide Managed Detection and Response, Vulnerability Detection, and Consulting Services to help you secure your mission-critical systems.

ZEBOX

ZEBOX

ZEBOX is an international incubator & accelerator of innovative startups. Focus is on Transport/Logistics and Industry X.0 including technologies such as AI, Blockchain and Cybersecurity.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Cyber Security Works (CSW)

Cyber Security Works (CSW)

Cyber Security Works is your organization’s early cybersecurity warning system to help prevent attacks before they happen.

Awareness Software Limited (ASL)

Awareness Software Limited (ASL)

As Hosting Specialists, Awareness Software offer practical and affordable hosting solutions including backup and disaster recovery and a range of cybersecurity services.

Sardine

Sardine

Sardine is a leader in financial crime prevention. Using unparalleled device intelligence and behavior biometrics, Sardine applies machine learning to detect and stop fraud before it happens.

Reco AI

Reco AI

Reco is an identity-centric SaaS security solution that empowers organizations with full visibility into every app, identity, and their actions to control risk in their SaaS ecosystem.

ViroSafe

ViroSafe

ViroSafe is a leading value-added distributor of IT security solutions in Norway.

Digital Technologies Group (DTG)

Digital Technologies Group (DTG)

DTG are a digital transformation company helping process organisations embrace smarter manufacturing through the adoption of industry 4.0 technologies and solutions.