Eight Steps To The GDPR Countdown

One year from now, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect how businesses work with the personal data of citizens and residents of the EU. 

GDPR was approved a year ago and will be going into effect in another year. It applies directly to organisations within the EU, but also applies to organisations outside the EU if they 1) offer goods and services to the EU, 2) monitor the behavior EU subjects, or 3) process or retain personal data of EU citizens and residents. And the regulation can place very serious fines and sanctions for non-compliance.

Step 1: Partners
Select partners, legal, technical, and strategic, that might be qualified to assist with GDPR compliance. They should be familiar with the effects that the regulation will have on your particular industry. Your organisation's size and location might also factor into your decision.
Step 2: Readiness assessment
Do an early assessment of how you are often likely to be affected by GDPR. Determine if you have EU customers or handle data from partners and customers that do. Find out if your business has any plans to do business in the EU or might be hiring EU citizens sometime in the future.
Step 3: Get ready to tackle GDPR as a business initiative
Don't be lulled into thinking of the move to GDPR compliance as a technology-only project. Consider its impact on all business units – legal, financial, personnel, etc. Technology can certainly help to bring about your transition to GDPR compliance, but it's not a magic pill.
Step 4: Identify and map your data
Consider all the data that your business collects, processes and stores. Get a clear view of how it is stored and backed up, and how it moves through your organization. Also, consider who has access.
Step 5: Create a plan that exceeds regulatory minimums
While you're preparing for GDPR, take a broader look at all the data your organization processes. Pay particular attention to personal data and corporate intellectual property. Create and implement training programs to keep staff attuned to both risks and processes for proper handling of sensitive data. If you don't already have an incident response plan, create one. If you do, make sure that it's being followed and that records are kept so that your incident response performance can be reviewed.
Step 6: Document your audits
Be careful to document the steps that you take to audit your procedures and ensure that your control procedures are being followed. Proper records and evidence of your efforts to be vigilant in protecting sensitive information could be very valuable and help you to avoid fines if a security incident is identified.
Step 7: Protect data at rest and in motion
Don't lose sight of the fact that data moving across your network might be most vulnerable. Use encrypted connections whenever possible. Control and monitor who has access to shared drives. Remember, too, that jurisdiction and rules change as data moves across borders.
Step 8: Implement process automation
Use automation to avoid human error as much as possible. Heavily test your processes before relying on them. Think of GDPR compliance as one more reason to address operational inefficiencies across the board.
One year from now ...

This time next year, you could be confident that your processes and data protection measures are going to make this a good day, but you need to start focusing on how you're going to get to that comfort zone. The one-year countdown starts today.

Computerworld:     

You Might Also Read:

EU’s New Data Rules Are 1 Year Away:

Auditors Need To Know About Cyber Security:

Auditors Need To Know About Cyber Security:


 

« Russian Hackers Sow Disinformation Via Leaks
Ignoring Software Updates… »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Vertical Structure

Vertical Structure

Vertical Structure services include Security & Penetration Testing, Information Assurance, Bespoke Training Programs and Secure Hosting.

CLUSIF

CLUSIF

Clusif is the reference association for digital security in France. Its mission is to promote the exchange of ideas and feedback through working groups, conferences and publications.

Protenus

Protenus

Protenus provide a solution to proactively monitor and protect patient privacy in the electronic health record (EHR).

High Sec Labs (HSL)

High Sec Labs (HSL)

High Sec Labs develops high-quality, cyber-defense solutions in the field of network and peripheral isolation.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

Fortra

Fortra

Fortra (formerly HelpSystems) is your cybersecurity ally, unified through the mission of providing solutions to organizations' seemingly unsolvable cybersecurity problems.

Cyxtera Technologies

Cyxtera Technologies

Cyxtera offers powerful, secure IT infrastructure capabilities paired with agile, dynamic software-defined security.

Sikur

Sikur

Sikur have developed a communication platform that sets new boundaries for corporate privacy and security.

Beosin

Beosin

Beosin is a blockchain security company providing cybersecurity services including security audits, on-chain asset investigation, threat intelligence and wallet security.

Ten Eleven Ventures

Ten Eleven Ventures

Ten Eleven is a specialized venture capital firm exclusively dedicated to helping cybersecurity companies thrive.

Jump Capital

Jump Capital

Jump provides series A and B capital to data-driven tech companies within the FinTech, IT & Data Infrastructure, B2B SaaS and Media sectors.

Singtel Innov8

Singtel Innov8

Singtel Innov8, the venture capital arm of the Singtel Group, invests in and partners with innovative technology start-ups globally.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.

Proton

Proton

Proton provides free encrypted email, calendar, drive, password manager, and VPN services. Building a better Internet.

Blue Goat Cyber

Blue Goat Cyber

Blue Goat stands at the forefront of cybersecurity, particularly in medical device security and penetration testing.