Last month, I spoke to an audience of sales and marketing professionals at the General Data Protection Regulation (GDPR) Summit in London. I thoroughly enjoyed the experience. My presentation and live demo focused on data security and how basic defense measures can help with several of the key GDPR obligations.

When GDPR was first discussed, many feared that it would force businesses to be more insular and defensive about their data. Thankfully, the reality has been very different. Instead of seeing GDPR as a threat, many businesses see it as a welcome opportunity to get their house in order and, for once, tackle the thorny question of data protection head-on.

Understanding Your Data Security Posture

At the event I explained that the data security journey should start with understanding your data because you can’t protect what you don’t know. A necessary first step to tackling the GDPR requirements is to identify the personal data and where it is stored. As you get started, it’s also important to assess the other vulnerabilities within your environment and across your data sources to determine where your additional weaknesses are and how to address them. Some examples include missing patches, wrong user privileges and default configurations, such as usernames and passwords.

Once you understand the gaps and exposures, you can take immediate steps to address those gaps and harden the personal data sources. This might involve data minimization, encryption and pseudonymization. For instance, Dutch multinational bank and financial services company Rabobank is working with IBM to use cryptographic pseudonyms on its clients’ personal data to innovate around new financial regulations in the European Union (EU).

The next step is to start monitoring data sources that contain personal data and take action if any suspicious behavior occurs. Monitoring also provides security of processing reports for authorized and unauthorized activities to personal data and enables security teams to detect and investigate data breaches.

Mapping Your GDPR Journey

GDPR compliance is a long journey that involves a combination of adapting processes and procedures and implementing strong technical controls. If you haven’t already done so, this is the time to begin identifying and mapping how all your GDPR-related data is collected and used, where it’s stored, and who can access it. The better you understand where you are in your GDPR journey, the easier it will be for you to identify what you need to do next to reach your destination. That’s where IBM can help you move forward.

For security and privacy leaders who need to address the rules established by the EU GDPR, IBM Security is a trusted solutions provider. With a holistic GDPR-focused framework, offering software, services and GDPR-specific tools, IBM can help organizations prepare to protect personal data and operate in conformance with GDPR requirements — regardless of where they may be in their readiness journey.

ASSESS THE PROGRESS OF YOUR GDPR JOURNEY WITH YOUR PERSONALIZED GUIDE TO GDPR READINESS

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.

Top Three Reasons Why GDPR Can Be Good for Business

More from Data Protection

Cost of a data breach 2023: Pharmaceutical industry impacts

3 min read - Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place at the top spot of most costly data breaches is probably not a surprise. With its sensitive and valuable data assets, it is one of…

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Advanced analytics can help detect insider threats rapidly

2 min read - While external cyber threats capture headlines, the rise of insider threats from within an organization is a growing concern. In 2023, the average cost of a data breach caused by an insider reached $4.90 million, 9.6% higher than the global average data breach cost of $4.45 million. To effectively combat this danger, integrating advanced analytics into data security software has become a critical and proactive defense strategy. Understanding insider threats Insider threats come from users who abuse authorized access to…

One simple way to cut ransomware recovery costs in half

4 min read - Whichever way you look at the data, it is considerably cheaper to use backups to recover from a ransomware attack than to pay the ransom. The median recovery cost for those that use backups is half the cost incurred by those that paid the ransom, according to a recent study. Similarly, the mean recovery cost is almost $1 million lower for those that used backups. Despite this fact, the use of backups is actually falling. This was one of the…