Light Dark
June 20, 2016 By Christina Thompson 3 min read
Data Protection

Wake up! There’s a new data security regulation on the horizon, and it promises to have a big impact on organizations around the globe. The General Data Protection Regulation (GDPR) was signed into law last month, leaving a scant two years for businesses to evaluate their security gaps and fix them in time to be compliant and avoid some extremely hefty fines.

The storm clouds are gathering. Read on so you can prepare sufficiently and come out the other side stronger — and more trusted by your customers — than ever.

What Is GDPR?

GDPR will be replacing the current EU Data Protection Directive over the next two years. 2018 will mark the beginning of widespread unification and standardization of data privacy requirements across 28 EU member states.

This new legislation is a step in the right direction: It unifies the patchwork of 28 different privacy laws into one regulation applicable to all. This regulation certainly impacts businesses in the European Union, but it also directly affects any organization that markets to, and processes information of, EU data subjects.

As previously reported, GDPR “will enact stricter guidelines on getting consent for data collection, individual profiling and more comprehensive definitions of data. It all points to a new imperative to manage data at a granular, data-element level by understanding where the data is located, where it flows, with whom it is shared, what consent is given and when data must be deleted.”

GDPR also requires breach notification without undue delay and, where feasible, within 72 hours. Few EU countries currently have regulations on breach reporting, so this is a big change.

Read the Interactive Solution Brief: Ready, Set, GDPR

Don’t Wait, Take Action Now!

Don’t wait for the GDPR storm to take you by surprise! There are three steps you should take to be prepared.

1. Evaluate Your Environment to Know What Needs Protecting

To safeguard data successfully, organizations must know what data exists and whether it contains personal information.

Under the GDPR, it will be essential to show that data is secured properly according to its sensitivity and classification. Discover and classify customer data so that you can understand the who, what, when, where and how of personal data access across all major platforms.

Understand your data retention policies, find that dormant data and remove it. Disks have become so inexpensive these days that organizations keep far too much personal data hanging around, which increases risk and can make it harder to act when a delete request comes in from a customer.

Clean house before the storm hits! While you’re at it, appoint a data protection officer (DPO) — someone who can help review all privacy notices and consent forms. This role keeps you on the right path toward compliance, reviewing external contracts and any cross-border data transfer issues. The DPO’s role is to ensure that controllers and processors respect their data protection obligations, and that data subjects are informed of their rights and obligations.

GDPR is not just for Europe — it is for any organization that processes, collects or uses personal data relating to EU subjects. So it probably applies to you.

2. Be Proactive by Building an Emergency Kit

Your emergency kit isn’t necessarily filled with physical items; it should also include security audits and tools that help ensure data protection techniques are held to the highest standard possible.

  • Conduct a GDPR readiness assessment to establish whether you are GDPR-compliant and identify which gaps must be filled.
  • Gain an understanding of the types of data protection required by GDPR (e.g., encryption, redaction and masking) and when they should be used. You should also have knowledge of the types of platforms across which customer data is scattered across — and whether your existing security solution can support them all.
  • Support real- and right-time data monitoring and alerting to meet mandatory GDPR audit, incident response and breach notification requirements.
  • Ensure you have a trusted partner that can help provide on-site support with specialized knowledge, data mapping and classification to help to deploy the right types of protection.

3. Stay Tuned for Emergency Updates

Organizations will have to stay connected to learn about the progression of the GDPR, as well as any other related data protection initiatives. A trusted services partner will be key to remaining in front of any new developments, for example. Enterprises should also watch websites such as the European Commission for any news.

Right now it’s the calm before the storm. Use this time to proactively prepare and watch the storm roll in knowing that you’ve taken the right precautions. Once it’s here, you’ll be glad you did!

Read the Interactive Solution Brief: Ready, Set, GDPR

 |  |  |  |  | 
Christina Thompson
Portfolio Marketing Manager, IBM

More from Data Protection
November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

November 8, 2024

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature