Playing Catch-Up With GDPR

After two years of waiting, Europe’s General Data Protection Regulation has officially taken effect. Beyond Europe, the regulation is expected to reshape how global organisations manage, share and protect their users’ personal data. 
 
Many organisations across the world have scrambled to be ready. But based on public statements from companies and client feedback, it is clear that many companies are still not in compliance. Still, with all the high-profile data breaches and misuses we have witnessed in the last few months; i.e. Equifax and Cambridge Analytica, global businesses are taking GDPR seriously. 
 
Not knowing the extent and depth to which the EU will enforce GDPR, the potential fines of up to 4 percent of global annual revenue or 20 million euros should still inspire an immediate need to review and subsequently adjust data privacy and protection programs. 
 
As a result, companies will have to restructure how they handle data, and, if they do not have a cyber infrastructure that is sound, they will have to rebuild from the ground up including their applications. Even if the GDPR does not directly affect your organisation, the requirements and guidelines contained within can help any organisation obtain resilient data privacy and protection.
 
Who is in Compliance?
The answer differs based on several factors. Over the past few weeks there have been at least four distinct studies with very different results. On May 21, a new GDPR study carried out by the Ponemon Institute found that 40 percent of the companies surveyed would not be ready.
 
A Crowd Research Partners report drawn from the Information Security Community on LinkedIn, says that only 40 percent of the organisations surveyed would be fully compliant by today’s GDPR deadline.
 
A World Federation of Advertisers (WFA) survey stated that 95 percent of respondents planned to be fully compliant by the deadline, of which 74 percent said they believe their company would likely be fully compliant by the deadline, with 42 percent of those respondents saying they would definitely be.
 
A Netsparker GDPR survey of 300 senior executives found that only 2 percent of those surveyed said that they do not expect to be compliant by today’s deadline.
 
The various survey results indicate that there is still much confusion around GDPR. For those organisations that are playing catch-up with GDPR, the first step is to realise that they will need their customer’s permission to collect and process their data. This includes internal tools used to share or analyse the data internally, exclusive of tools that encrypt the data end to end. 
 
The steps should be prioritised by risk and execution complexity within your organisation.
 
1. Revise your procedures that define how you are going to handle an individual's request for erasing or rectifying inaccurate data. Executing this process will take the longest time so it should be prioritized.
2. Review your contracts with third parties. Their compliance is your risk exposure so you need to make sure you ensure their compliance. 
3. Review and understand how you process your customer data mapping the data processing activities across the business processes. This activity, previously put on the back burner, needs to be moved up. It is a compliance activity not a systems analysis activity. It simply isn’t an option anymore.
4. Revise your data security practices and systems to be in compliance with GDPR. The core initiative for meeting EU GDPR compliance is to protect user data. If you have not already, you need to take inventory of your data and map your data to protected EU GDPR categories. 
5. Most importantly once you have the knowledge of where your data is and how is it being used a prudent step would be to also implement a data leak prevention tool and policy to enforce GDPR systematically. 
6. It is equally important to remember why GDPR was created in the first place. The main goal of the regulation was to protect the misuse of personal data by organisations for intrusive marketing and influencing activities. 
 
Moving forward, GDPR compliance will emphasise transparency of the data. The retention and processing of our data has to be with our permission and easily auditable. 
 
Complying with GDPR will be a significant challenge to all businesses. 
However, knowing what you have to do to be in compliance is the first and most important step. This will help you quickly get to a point where you demonstrate to the regulators that you can both identify and audit your data so that you can create a practical roadmap to GDPR compliance.
 
To contact the GDPR Advisory Board please visit:  www.gdpr-board.co.uk
 
Information-Management
 
You Might Also Read: 
 
What Your Board Needs To Know About GDPR:
 
Cybersecurity Advice For SMEs:
 
 
« Demand For Indian Cybersecurity Skills Rising Fast
Cybercrime: Law Enforcement Must Get Serious »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

HackRead

HackRead

HackRead is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends.

mmCERT

mmCERT

mmCERT is the national Computer Emergency Response Team for Myanmar.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

Cimcor

Cimcor

Cimcor’s flagship software product, CimTrak, helps organizations to monitor and protect a wide range of physical, network and virtual IT assets in real-time.

Smarttech247

Smarttech247

Smarttech247 deliver a range of cyber security solutions, including cognitive security services using IBM Watson for Cybersecurity, SIEM, Compliance & Governance, and Penetration Testing.

IBA Security

IBA Security

IBA Security is a center of competence consolidating the cybersecurity expertise of the IBA Group.

CM Blockchain Security Center

CM Blockchain Security Center

We are dedicated to building a healthier blockchain ecosystem, providing solutions to security technology, and helping those who practice in the area of blockchain to get insight into industry trends.

Business Hive Vilnius (BHV)

Business Hive Vilnius (BHV)

BHV is one of the oldest startup incubator and technology hubs in the Baltics, primarily focused on hardware, security, blockchain, AI, fintech and enterprise software.

Elysium Analytics

Elysium Analytics

Elysium Cognitive Security Analytics delivers the latest and most flexible security system to reduce cost and complexity while providing unmatched scalability.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

HighGround

HighGround

HighGround offer a Cyber Security Solution for everybody, regardless of skillset, to feel empowered in their security experience in reaching Cyber Resilience.

Knowit

Knowit

Knowit support customers in the digital transformation, simplify people’s everyday lives and create secure and innovative solutions enabling a sustainable future.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.

EGUARDIAN

EGUARDIAN

EGUARDIAN serves as a Value-Added Distributor and technology enabler in the APAC region with the aim of further expanding globally and cater to the needs of the demands with the emerging technology.