May 23, 2018 By Marco Ercolani 3 min read

Last month, I spoke to an audience of sales and marketing professionals at the General Data Protection Regulation (GDPR) Summit in London. I thoroughly enjoyed the experience. My presentation and live demo focused on data security and how basic defense measures can help with several of the key GDPR obligations.

When GDPR was first discussed, many feared that it would force businesses to be more insular and defensive about their data. Thankfully, the reality has been very different. Instead of seeing GDPR as a threat, many businesses see it as a welcome opportunity to get their house in order and, for once, tackle the thorny question of data protection head-on.

Understanding Your Data Security Posture

At the event I explained that the data security journey should start with understanding your data because you can’t protect what you don’t know. A necessary first step to tackling the GDPR requirements is to identify the personal data and where it is stored. As you get started, it’s also important to assess the other vulnerabilities within your environment and across your data sources to determine where your additional weaknesses are and how to address them. Some examples include missing patches, wrong user privileges and default configurations, such as usernames and passwords.

Once you understand the gaps and exposures, you can take immediate steps to address those gaps and harden the personal data sources. This might involve data minimization, encryption and pseudonymization. For instance, Dutch multinational bank and financial services company Rabobank is working with IBM to use cryptographic pseudonyms on its clients’ personal data to innovate around new financial regulations in the European Union (EU).

The next step is to start monitoring data sources that contain personal data and take action if any suspicious behavior occurs. Monitoring also provides security of processing reports for authorized and unauthorized activities to personal data and enables security teams to detect and investigate data breaches.

Mapping Your GDPR Journey

GDPR compliance is a long journey that involves a combination of adapting processes and procedures and implementing strong technical controls. If you haven’t already done so, this is the time to begin identifying and mapping how all your GDPR-related data is collected and used, where it’s stored, and who can access it. The better you understand where you are in your GDPR journey, the easier it will be for you to identify what you need to do next to reach your destination. That’s where IBM can help you move forward.

For security and privacy leaders who need to address the rules established by the EU GDPR, IBM Security is a trusted solutions provider. With a holistic GDPR-focused framework, offering software, services and GDPR-specific tools, IBM can help organizations prepare to protect personal data and operate in conformance with GDPR requirements — regardless of where they may be in their readiness journey.

ASSESS THE PROGRESS OF YOUR GDPR JOURNEY WITH YOUR PERSONALIZED GUIDE TO GDPR READINESS

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.

Top Three Reasons Why GDPR Can Be Good for Business

More from Data Protection

Third-party access: The overlooked risk to your data protection plan

2 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors.The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In this…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today