June 20, 2016 By Christina Thompson 3 min read

Wake up! There’s a new data security regulation on the horizon, and it promises to have a big impact on organizations around the globe. The General Data Protection Regulation (GDPR) was signed into law last month, leaving a scant two years for businesses to evaluate their security gaps and fix them in time to be compliant and avoid some extremely hefty fines.

The storm clouds are gathering. Read on so you can prepare sufficiently and come out the other side stronger — and more trusted by your customers — than ever.

What Is GDPR?

GDPR will be replacing the current EU Data Protection Directive over the next two years. 2018 will mark the beginning of widespread unification and standardization of data privacy requirements across 28 EU member states.

This new legislation is a step in the right direction: It unifies the patchwork of 28 different privacy laws into one regulation applicable to all. This regulation certainly impacts businesses in the European Union, but it also directly affects any organization that markets to, and processes information of, EU data subjects.

As previously reported, GDPR “will enact stricter guidelines on getting consent for data collection, individual profiling and more comprehensive definitions of data. It all points to a new imperative to manage data at a granular, data-element level by understanding where the data is located, where it flows, with whom it is shared, what consent is given and when data must be deleted.”

GDPR also requires breach notification without undue delay and, where feasible, within 72 hours. Few EU countries currently have regulations on breach reporting, so this is a big change.

Read the Interactive Solution Brief: Ready, Set, GDPR

Don’t Wait, Take Action Now!

Don’t wait for the GDPR storm to take you by surprise! There are three steps you should take to be prepared.

1. Evaluate Your Environment to Know What Needs Protecting

To safeguard data successfully, organizations must know what data exists and whether it contains personal information.

Under the GDPR, it will be essential to show that data is secured properly according to its sensitivity and classification. Discover and classify customer data so that you can understand the who, what, when, where and how of personal data access across all major platforms.

Understand your data retention policies, find that dormant data and remove it. Disks have become so inexpensive these days that organizations keep far too much personal data hanging around, which increases risk and can make it harder to act when a delete request comes in from a customer.

Clean house before the storm hits! While you’re at it, appoint a data protection officer (DPO) — someone who can help review all privacy notices and consent forms. This role keeps you on the right path toward compliance, reviewing external contracts and any cross-border data transfer issues. The DPO’s role is to ensure that controllers and processors respect their data protection obligations, and that data subjects are informed of their rights and obligations.

GDPR is not just for Europe — it is for any organization that processes, collects or uses personal data relating to EU subjects. So it probably applies to you.

2. Be Proactive by Building an Emergency Kit

Your emergency kit isn’t necessarily filled with physical items; it should also include security audits and tools that help ensure data protection techniques are held to the highest standard possible.

  • Conduct a GDPR readiness assessment to establish whether you are GDPR-compliant and identify which gaps must be filled.
  • Gain an understanding of the types of data protection required by GDPR (e.g., encryption, redaction and masking) and when they should be used. You should also have knowledge of the types of platforms across which customer data is scattered across — and whether your existing security solution can support them all.
  • Support real- and right-time data monitoring and alerting to meet mandatory GDPR audit, incident response and breach notification requirements.
  • Ensure you have a trusted partner that can help provide on-site support with specialized knowledge, data mapping and classification to help to deploy the right types of protection.

3. Stay Tuned for Emergency Updates

Organizations will have to stay connected to learn about the progression of the GDPR, as well as any other related data protection initiatives. A trusted services partner will be key to remaining in front of any new developments, for example. Enterprises should also watch websites such as the European Commission for any news.

Right now it’s the calm before the storm. Use this time to proactively prepare and watch the storm roll in knowing that you’ve taken the right precautions. Once it’s here, you’ll be glad you did!

Read the Interactive Solution Brief: Ready, Set, GDPR

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today