Eight Steps To The GDPR Countdown

One year from now, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect how businesses work with the personal data of citizens and residents of the EU. 

GDPR was approved a year ago and will go into effect in another year. It applies directly to organisations within the EU, but also applies to organisations outside the EU if they 1) offer goods and services to the EU, 2) monitor the behaviour of EU data subjects, or 3) process or retain personal data of EU citizens and residents. The regulation also provides for very serious fines and sanctions for non-compliance.

Step 1: Partners
Select partners, legal, technical, and strategic, that might be qualified to assist with GDPR compliance. They should be familiar with the effects that the regulation will have on your particular industry. Your organisation's size and location might also factor into your decision.
Step 2: Readiness assessment
Do an early assessment of how you are likely to be affected by GDPR. Determine whether you have EU customers or handle data from partners and customers that do. Find out whether your business has any plans to do business in the EU or might be hiring EU citizens sometime in the future.
Step 3: Get ready to tackle GDPR as a business initiative
Don't be lulled into thinking of the move to GDPR compliance as a technology-only project. Consider its impact on all business units – legal, financial, personnel, etc. Technology can certainly help to bring about your transition to GDPR compliance, but it's not a magic pill.
Step 4: Identify and map your data
Consider all the data that your business collects, processes and stores. Get a clear view of how it is stored and backed up, and how it moves through your organization. Also, consider who has access.
Step 5: Create a plan that exceeds regulatory minimums
While you're preparing for GDPR, take a broader look at all the data your organization processes. Pay particular attention to personal data and corporate intellectual property. Create and implement training programs to keep staff attuned to both risks and processes for proper handling of sensitive data. If you don't already have an incident response plan, create one. If you do, make sure that it's being followed and that records are kept so that your incident response performance can be reviewed.
Step 6: Document your audits
Be careful to document the steps that you take to audit your procedures and ensure that your control procedures are being followed. Proper records and evidence of your efforts to be vigilant in protecting sensitive information could be very valuable and help you to avoid fines if a security incident is identified.
Step 7: Protect data at rest and in motion
Don't lose sight of the fact that data moving across your network might be most vulnerable. Use encrypted connections whenever possible. Control and monitor who has access to shared drives. Remember, too, that jurisdiction and rules change as data moves across borders.
Step 8: Implement process automation
Use automation to avoid human error as much as possible. Heavily test your processes before relying on them. Think of GDPR compliance as one more reason to address operational inefficiencies across the board.
One year from now ...

This time next year, you could be confident that your processes and data protection measures are going to make this a good day, but you need to start focusing on how you're going to get to that comfort zone. The one-year countdown starts today.

Source: Computerworld
