Light Dark
December 16, 2016 By Cathal O'Donovan 2 min read
Cloud Security
Data Protection

In December 2015, the European Union (EU) announced a framework designed to combine the various data protection laws throughout the region. The General Data Privacy Regulation (GDPR) impacts many industries, from coffee shops to football clubs. It essentially affects any institution that retains personal information, especially businesses that store or handle data in multiple countries. In this digital age, our end users could be anywhere.

New Challenges Under the GDPR Compliance Regulations

Preparing for the GDPR compliance regulations is a companywide challenge, not just for the ops and compliance teams. The regulation will broaden the scope of what qualifies as personal and sensitive information when it takes effect in May 2018, requiring security teams to review how they store and encrypt this data. Additionally, companies will be required to produce copies of any customer data it collects upon request.

Under the GDPR, companies must report data breaches to the Supervisory Authority (SA) within 72 hours. This will require chief information security officers (CISOs), chief technology officers (CTOs) and legal teams to review or create processes and procedures and adopt new technologies. To remain compliant with the GDPR, IT leaders must equip their security ecosystems with effective identity and access management (IAM), encryption, log management and incident management tools.

Preparing for the GDPR

To prepare for the GDPR, executives, employees and managers must understand how it impacts operational practices at every level. Cloud operations managers must determine what personal data they are currently storing, where it lives, how it flows within the organization and how it is secured. Determine how personal data is shared and whether third parties will need to access it.

It’s important to review all data retention schedules, cross-border data transfers and privacy notices. IT managers should also work with the lines of business to review data subject consent and choice mechanisms. Then they determine how to respond to access, correction and erasure requests.

Organizations must take these steps as soon as possible or risk paying up to 4 percent of their annual revenue for violating the GDPR compliance regulations.

Read the Interactive Solution Brief: Ready, Set, GDPR

 |  |  |  |  |  | 
Cathal O'Donovan
DevOps Manager, IBM

More from Cloud Security
November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

October 10, 2024

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature