Light Dark
December 16, 2016 By Cathal O'Donovan 2 min read
Cloud Security
Data Protection

In December 2015, the European Union (EU) announced a framework designed to combine the various data protection laws throughout the region. The General Data Privacy Regulation (GDPR) impacts many industries, from coffee shops to football clubs. It essentially affects any institution that retains personal information, especially businesses that store or handle data in multiple countries. In this digital age, our end users could be anywhere.

New Challenges Under the GDPR Compliance Regulations

Preparing for the GDPR compliance regulations is a companywide challenge, not just for the ops and compliance teams. The regulation will broaden the scope of what qualifies as personal and sensitive information when it takes effect in May 2018, requiring security teams to review how they store and encrypt this data. Additionally, companies will be required to produce copies of any customer data it collects upon request.

Under the GDPR, companies must report data breaches to the Supervisory Authority (SA) within 72 hours. This will require chief information security officers (CISOs), chief technology officers (CTOs) and legal teams to review or create processes and procedures and adopt new technologies. To remain compliant with the GDPR, IT leaders must equip their security ecosystems with effective identity and access management (IAM), encryption, log management and incident management tools.

Preparing for the GDPR

To prepare for the GDPR, executives, employees and managers must understand how it impacts operational practices at every level. Cloud operations managers must determine what personal data they are currently storing, where it lives, how it flows within the organization and how it is secured. Determine how personal data is shared and whether third parties will need to access it.

It’s important to review all data retention schedules, cross-border data transfers and privacy notices. IT managers should also work with the lines of business to review data subject consent and choice mechanisms. Then they determine how to respond to access, correction and erasure requests.

Organizations must take these steps as soon as possible or risk paying up to 4 percent of their annual revenue for violating the GDPR compliance regulations.

Read the Interactive Solution Brief: Ready, Set, GDPR

 |  |  |  |  |  | 
Cathal O'Donovan
DevOps Manager, IBM

More from Cloud Security
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 4, 2024

Cloud security uncertainty: Do you know where your data is?

3 min read - How well are security leaders sleeping at night? According to a recent Gigamon report, it appears that many cyber professionals are restless and worried.In the report, 50% of IT and security leaders surveyed lack confidence in knowing where their most sensitive data is stored and how it’s secured. Meanwhile, another 56% of respondents say undiscovered blind spots being exploited is the leading concern making them restless.The report reveals the ongoing need for improved cloud and hybrid cloud security. Solutions to…

March 14, 2024

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature