Last month, I spoke to an audience of sales and marketing professionals at the General Data Protection Regulation (GDPR) Summit in London. I thoroughly enjoyed the experience. My presentation and live demo focused on data security and how basic defense measures can help with several of the key GDPR obligations.

When GDPR was first discussed, many feared that it would force businesses to be more insular and defensive about their data. Thankfully, the reality has been very different. Instead of seeing GDPR as a threat, many businesses see it as a welcome opportunity to get their house in order and, for once, tackle the thorny question of data protection head-on.

Understanding Your Data Security Posture

At the event, I explained that the data security journey should start with understanding your data, because you can’t protect what you don’t know. A necessary first step in tackling the GDPR requirements is to identify the personal data and where it is stored. As you get started, it’s also important to assess the other vulnerabilities within your environment and across your data sources to determine where your additional weaknesses are and how to address them. Some examples include missing patches, incorrect user privileges and default configurations, such as default usernames and passwords.

Once you understand the gaps and exposures, you can take immediate steps to address those gaps and harden the personal data sources. This might involve data minimization, encryption and pseudonymization. For instance, Dutch multinational bank and financial services company Rabobank is working with IBM to use cryptographic pseudonyms on its clients’ personal data to innovate around new financial regulations in the European Union (EU).

The next step is to start monitoring data sources that contain personal data and to take action if any suspicious behavior occurs. Monitoring also produces security-of-processing reports covering authorized and unauthorized activity on personal data, and it enables security teams to detect and investigate data breaches.

Mapping Your GDPR Journey

GDPR compliance is a long journey that involves a combination of adapting processes and procedures and implementing strong technical controls. If you haven’t already done so, this is the time to begin identifying and mapping how all your GDPR-related data is collected and used, where it’s stored, and who can access it. The better you understand where you are in your GDPR journey, the easier it will be for you to identify what you need to do next to reach your destination. That’s where IBM can help you move forward.

For security and privacy leaders who need to address the rules established by the EU GDPR, IBM Security is a trusted solutions provider. With a holistic GDPR-focused framework, offering software, services and GDPR-specific tools, IBM can help organizations prepare to protect personal data and operate in conformance with GDPR requirements — regardless of where they may be in their readiness journey.


Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
