June 20, 2016 By Christina Thompson 3 min read

Wake up! There’s a new data security regulation on the horizon, and it promises to have a big impact on organizations around the globe. The General Data Protection Regulation (GDPR) was signed into law last month, leaving a scant two years for businesses to evaluate their security gaps and fix them in time to be compliant and avoid some extremely hefty fines.

The storm clouds are gathering. Read on so you can prepare sufficiently and come out the other side stronger — and more trusted by your customers — than ever.

What Is GDPR?

GDPR will be replacing the current EU Data Protection Directive over the next two years. 2018 will mark the beginning of widespread unification and standardization of data privacy requirements across 28 EU member states.

This new legislation is a step in the right direction: It unifies the patchwork of 28 different privacy laws into one regulation applicable to all. This regulation certainly impacts businesses in the European Union, but it also directly affects any organization that markets to, and processes information of, EU data subjects.

As previously reported, GDPR “will enact stricter guidelines on getting consent for data collection, individual profiling and more comprehensive definitions of data. It all points to a new imperative to manage data at a granular, data-element level by understanding where the data is located, where it flows, with whom it is shared, what consent is given and when data must be deleted.”

GDPR also requires breach notification without undue delay and, where feasible, within 72 hours. Few EU countries currently have regulations on breach reporting, so this is a big change.

Read the Interactive Solution Brief: Ready, Set, GDPR

Don’t Wait, Take Action Now!

Don’t wait for the GDPR storm to take you by surprise! There are three steps you should take to be prepared.

1. Evaluate Your Environment to Know What Needs Protecting

To safeguard data successfully, organizations must know what data exists and whether it contains personal information.

Under the GDPR, it will be essential to show that data is secured properly according to its sensitivity and classification. Discover and classify customer data so that you can understand the who, what, when, where and how of personal data access across all major platforms.

Understand your data retention policies, find that dormant data and remove it. Disks have become so inexpensive these days that organizations keep far too much personal data hanging around, which increases risk and can make it harder to act when a delete request comes in from a customer.

Clean house before the storm hits! While you’re at it, appoint a data protection officer (DPO) — someone who can help review all privacy notices and consent forms. This role keeps you on the right path toward compliance, reviewing external contracts and any cross-border data transfer issues. The DPO’s role is to ensure that controllers and processors respect their data protection obligations, and that data subjects are informed of their rights and obligations.

GDPR is not just for Europe — it is for any organization that processes, collects or uses personal data relating to EU subjects. So it probably applies to you.

2. Be Proactive by Building an Emergency Kit

Your emergency kit isn’t necessarily filled with physical items; it should also include security audits and tools that help ensure data protection techniques are held to the highest standard possible.

  • Conduct a GDPR readiness assessment to establish whether you are GDPR-compliant and identify which gaps must be filled.
  • Gain an understanding of the types of data protection required by GDPR (e.g., encryption, redaction and masking) and when each should be used. You should also know the types of platforms across which customer data is scattered — and whether your existing security solution can support them all.
  • Support real- and right-time data monitoring and alerting to meet mandatory GDPR audit, incident response and breach notification requirements.
  • Ensure you have a trusted partner that can help provide on-site support with specialized knowledge, data mapping and classification to help to deploy the right types of protection.

3. Stay Tuned for Emergency Updates

Organizations will have to stay connected to learn about the progression of the GDPR, as well as any other related data protection initiatives. A trusted services partner, for example, will be key to staying in front of any new developments. Enterprises should also watch websites such as the European Commission's for any news.

Right now it’s the calm before the storm. Use this time to proactively prepare and watch the storm roll in knowing that you’ve taken the right precautions. Once it’s here, you’ll be glad you did!

