June 20, 2016 By Christina Thompson 3 min read

Wake up! There’s a new data security regulation on the horizon, and it promises to have a big impact on organizations around the globe. The General Data Protection Regulation (GDPR) was signed into law last month, leaving a scant two years for businesses to evaluate their security gaps and fix them in time to be compliant and avoid some extremely hefty fines.

The storm clouds are gathering. Read on so you can prepare sufficiently and come out the other side stronger — and more trusted by your customers — than ever.

What Is GDPR?

GDPR will be replacing the current EU Data Protection Directive over the next two years. 2018 will mark the beginning of widespread unification and standardization of data privacy requirements across 28 EU member states.

This new legislation is a step in the right direction: It unifies the patchwork of 28 different privacy laws into one regulation applicable to all. This regulation certainly impacts businesses in the European Union, but it also directly affects any organization that markets to, and processes information of, EU data subjects.

As previously reported, GDPR “will enact stricter guidelines on getting consent for data collection, individual profiling and more comprehensive definitions of data. It all points to a new imperative to manage data at a granular, data-element level by understanding where the data is located, where it flows, with whom it is shared, what consent is given and when data must be deleted.”

GDPR also requires breach notification without undue delay and, where feasible, within 72 hours. Few EU countries currently have regulations on breach reporting, so this is a big change.

Read the Interactive Solution Brief: Ready, Set, GDPR

Don’t Wait, Take Action Now!

Don’t wait for the GDPR storm to take you by surprise! There are three steps you should take to be prepared.

1. Evaluate Your Environment to Know What Needs Protecting

To safeguard data successfully, organizations must know what data exists and whether it contains personal information.

Under the GDPR, it will be essential to show that data is secured properly according to its sensitivity and classification. Discover and classify customer data so that you can understand the who, what, when, where and how of personal data access across all major platforms.

Understand your data retention policies, find that dormant data and remove it. Disks have become so inexpensive these days that organizations keep far too much personal data hanging around, which increases risk and can make it harder to act when a delete request comes in from a customer.

Clean house before the storm hits! While you’re at it, appoint a data protection officer (DPO) — someone who can help review all privacy notices and consent forms. This role keeps you on the right path toward compliance, reviewing external contracts and any cross-border data transfer issues. The DPO’s role is to ensure that controllers and processors respect their data protection obligations, and that data subjects are informed of their rights and obligations.

GDPR is not just for Europe — it is for any organization that processes, collects or uses personal data relating to EU subjects. So it probably applies to you.

2. Be Proactive by Building an Emergency Kit

Your emergency kit isn’t necessarily filled with physical items; it should also include security audits and tools that help ensure data protection techniques are held to the highest standard possible.

  • Conduct a GDPR readiness assessment to establish whether you are GDPR-compliant and identify which gaps must be filled.
  • Gain an understanding of the types of data protection required by GDPR (e.g., encryption, redaction and masking) and when they should be used. You should also know which platforms your customer data is scattered across — and whether your existing security solution can support them all.
  • Support real- and right-time data monitoring and alerting to meet mandatory GDPR audit, incident response and breach notification requirements.
  • Ensure you have a trusted partner that can help provide on-site support with specialized knowledge, data mapping and classification to help to deploy the right types of protection.
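As an added illustration of steps 1 and 2 above (not code from the original article), the script below runs a small inventory over constructed sample records: it flags which fields hold personal data, marks records dormant under an assumed two-year retention policy, and masks the personal fields for display. Field names, patterns and the retention window are assumptions for the example.

```python
"""Added example: classify, retention-check and mask personal data records."""
import re
from datetime import date, timedelta

# Constructed sample records (not real data); field names are assumptions.
RECORDS = [
    {"id": 1, "email": "anna@example.eu", "phone": "+49 30 1234567",
     "last_used": date(2016, 5, 1)},
    {"id": 2, "email": "", "phone": "", "last_used": date(2013, 1, 15)},
    {"id": 3, "email": "b@example.eu", "phone": "", "last_used": date(2014, 3, 3)},
]

# Assumed retention policy: records unused for more than two years are dormant.
RETENTION = timedelta(days=730)

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?[\d\s\-]{7,}$")


def classify(rec):
    """Return the names of fields in the record that hold personal data."""
    found = []
    if EMAIL_RE.match(rec.get("email", "")):
        found.append("email")
    if PHONE_RE.match(rec.get("phone", "")):
        found.append("phone")
    return found


def mask_email(value):
    """Keep the first character of the local part and the domain."""
    local, _, domain = value.partition("@")
    return local[:1] + "***@" + domain


def mask_phone(value):
    """Keep only the last three characters of the number."""
    return "*" * (len(value) - 3) + value[-3:]


def is_dormant(rec, today):
    """True when the record has not been used within the retention window."""
    return today - rec["last_used"] > RETENTION


def inventory(records, today):
    """Build the per-record classification, dormancy flag and masked view."""
    report = []
    for rec in records:
        fields = classify(rec)
        masked = dict(rec)
        if "email" in fields:
            masked["email"] = mask_email(rec["email"])
        if "phone" in fields:
            masked["phone"] = mask_phone(rec["phone"])
        report.append({"id": rec["id"], "personal": fields,
                       "dormant": is_dormant(rec, today), "masked": masked})
    return report
```

Dormant records that still hold personal data are the ones a delete request would have to reach, so they are the first candidates for clean-up.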

3. Stay Tuned for Emergency Updates

Organizations will have to stay connected to learn about the progression of the GDPR, as well as any other related data protection initiatives. A trusted services partner, for example, will be key to staying ahead of new developments. Enterprises should also watch websites such as the European Commission's for any news.

Right now it’s the calm before the storm. Use this time to proactively prepare and watch the storm roll in knowing that you’ve taken the right precautions. Once it’s here, you’ll be glad you did!

