September 20, 2017 By Vikalp Paliwal 4 min read

Your mission, should you choose to accept it, involves the identification and protection of the Personal Data of residents in the European Union (EU). You may select key data security solutions to aid you. You have only eight months to complete this mission. Continue reading for specific steps to take. This message will self-destruct in 10 seconds.

Sound intimidating? The General Data Protection Regulation (GDPR) impacts any organization that processes the personal data of current, past or prospective customers (Data Subjects) in the EU, regardless of where the organization itself is located. Organizations around the world are scrambling to assess their GDPR readiness before May 25, 2018, when the regulation becomes enforceable.

View IBM Security’s interactive guide to GDPR readiness

GDPR Basics

The GDPR will replace the current EU Data Protection Directive (95/46/EC). It is designed to unify data privacy requirements across all 28 EU member states. Under the GDPR, Data Subjects — which include end users, customers and employees, among others — have the right to lodge a complaint if their data is not protected in compliance with the regulation. Further, EU regulators have the right to impose substantial fines for violations.

Data protection is a key concern for businesses. The GDPR creates more obligation and liability for Data Processors and Controllers. As previously reported, the GDPR “will enact stricter guidelines on getting consent for data collection, individual profiling and more comprehensive definitions of data. It all points to a new imperative to manage data at a granular, data-element level by understanding where the data is located, where it flows, with whom it is shared, what consent is given and when data must be deleted” to fully support the right to be forgotten. Additionally, businesses are required to notify the competent supervisory authority within 72 hours of becoming aware of a personal data breach, and to inform the affected Data Subjects without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

Launching Your GDPR Readiness Mission

To get your GDPR readiness mission underway, you first need to answer some critical sleuthing questions regarding Personal Data:

  • Where is all Personal Data stored?
  • What does the Personal Data look like?
  • How much is at risk if it’s stolen or exposed?
  • Who is accessing or trying to access Personal Data? Is anyone trying to delete, alter or steal it?
  • When is that activity happening, and does it fall outside normal patterns?

Just as Ethan Hunt, the hero in the “Mission: Impossible” series, had nifty gadgets to help him on his mission, IT teams need the right tools to help them answer those critical questions. You can hasten your success by looking for product capabilities designed to support your GDPR needs.

First, consider taking a self-paced GDPR assessment to help you understand your position. Next, tackle the question of what Personal Data falls under the purview of the GDPR. You can set yourself in the right direction by leveraging a product with automated discovery and prebuilt classification patterns that can identify relevant data.

Once you know what you are looking for, determine where the data is stored. To do this, seek out a product that combines data-source discovery with GDPR-specific vulnerability and risk assessment capabilities. These tools scan data sources for Personal Data and, at the same time, flag weak configurations on those sources (default accounts, missing patches, excessive privileges) that would put the data at risk.
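To make the discovery and classification step concrete, here is an added example of how pattern-based classification of database columns works. It is illustrative code written for this article, not Guardium's own classifier or its pattern set; the patterns, the 50 percent hit threshold and the sample table are all constructed for this example. It also shows why a regex alone is not enough: an IBAN look-alike only counts if its ISO 13616 mod-97 checksum verifies, which keeps false positives out of the scope inventory.

```python
import re

# Classification patterns, constructed for this example. A commercial product
# ships broader, locale-aware pattern sets; these three are illustrative only.
PATTERNS = {
    "email": re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"),
    "iban": re.compile(r"^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$"),
    # E.164 numbers with a European country code starting in 3x or 4x.
    "eu_phone": re.compile(r"^\+(?:3\d|4\d)\d{6,12}$"),
}


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map letters A..Z to 10..35, and the resulting integer mod 97 must be 1.
    A pattern match alone cannot distinguish a real IBAN from a look-alike."""
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def classify_value(value: str):
    """Return the pattern label for a single cell, or None."""
    v = value.strip().replace(" ", "")
    if not v:
        return None
    for label, pattern in PATTERNS.items():
        if pattern.match(v):
            if label == "iban" and not iban_checksum_ok(v):
                return None  # pattern hit but checksum miss: treat as noise
            return label
    return None


def classify_columns(table: dict, threshold: float = 0.5) -> dict:
    """Return {column: (label, hit_ratio)} for every column in which at
    least `threshold` of the non-empty values match one personal-data
    pattern. Columns with no hits are left out of the result."""
    result = {}
    for column, values in table.items():
        non_empty = [v for v in values if v and v.strip()]
        if not non_empty:
            continue
        counts = {}
        for v in non_empty:
            label = classify_value(v)
            if label:
                counts[label] = counts.get(label, 0) + 1
        if not counts:
            continue
        label, hits = max(counts.items(), key=lambda kv: kv[1])
        ratio = hits / len(non_empty)
        if ratio >= threshold:
            result[column] = (label, ratio)
    return result


# Constructed sample table (column -> values). The last bank_account value is
# DE89... with its check digits changed to 00, so it fails the mod-97 test.
SAMPLE_TABLE = {
    "customer_ref": ["C-1001", "C-1002", "C-1003", "C-1004"],
    "contact": ["anna.k@example.com", "j.doe@example.org", "n/a", "m.rossi@example.it"],
    "phone": ["+49 30 1234567", "+33 1 23 45 67 89", "", "+44 20 7946 0958"],
    "bank_account": [
        "DE89 3704 0044 0532 0130 00",
        "GB82 WEST 1234 5698 7654 32",
        "FR76 3000 6000 0112 3456 7890 189",
        "DE00 3704 0044 0532 0130 00",
    ],
    "notes": ["called twice", "prefers email", "", "closed"],
}

if __name__ == "__main__":
    for column, (label, ratio) in classify_columns(SAMPLE_TABLE).items():
        print(f"{column}: {label} ({ratio:.0%} of non-empty values)")
```

In a real engagement the same loop runs over sampled rows from every reachable data source, and the output (column, label, confidence) is what feeds the scope inventory and the later monitoring policies. Tune the threshold per pattern: free-text columns that occasionally contain an email address should not be classified as email columns, but a column that is 75 percent valid IBANs almost certainly is a bank-account column.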

After you know what Personal Data exists and where it’s located, you can tackle the question of who is accessing it. To do this, you’ll need a solution that provides predefined policy rules and groups that help monitor, audit, record and provide alerts on any unauthorized activities related to that Personal Data. Real-time activity monitoring can also provide this insight.

Finally, it’s important to keep track of what’s happening to all that Personal Data in real time and respond according to the GDPR requirements. For this project, seek a solution that provides prebuilt GDPR-centric reports that identify who has accessed Personal Data, where they accessed it from, when it was accessed and how it was accessed. You can use this information to send notifications to auditors, controllers and data protection officers using a Data Security Compliance Review process.
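The monitoring and reporting steps above come down to evaluating a small set of policy rules against every audited database statement that touches a classified Personal Data table. The following is an added example of that logic, written for this article; it is not Guardium's policy engine or its prebuilt rule set. The table names, user groups, maintenance window and the pipe-delimited audit lines are all constructed for the example. It demonstrates three typical rules: access by a user outside the authorized application and DBA groups, destructive changes (DROP, TRUNCATE, or DELETE/UPDATE without a WHERE clause) outside an approved change window, and full-table reads that could indicate replication or exfiltration.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Scope and authorization model, constructed for this example. In practice the
# table set comes from the classification step and the user groups from IAM.
PERSONAL_DATA_TABLES = {"customers", "bank_accounts"}
AUTHORIZED_APP_USERS = {"crm_app", "billing_app"}
DBA_USERS = {"dba_anna"}
CHANGE_WINDOW = (22, 6)  # approved maintenance window: 22:00 to 06:00 local

DESTRUCTIVE_VERBS = {"DROP", "TRUNCATE", "DELETE", "UPDATE"}
TABLE_REF = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE)\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)


@dataclass
class Event:
    ts: datetime
    user: str
    client_ip: str
    sql: str


def parse_audit_line(line: str) -> Event:
    """Audit line format (constructed): ISO timestamp|user|client_ip|SQL text."""
    ts, user, ip, sql = line.rstrip("\n").split("|", 3)
    return Event(datetime.fromisoformat(ts), user, ip, sql.strip())


def tables_in(sql: str) -> set:
    """Crude table-name extraction; good enough for single-statement audit records."""
    return {m.lower() for m in TABLE_REF.findall(sql)}


def in_change_window(ts: datetime) -> bool:
    start, end = CHANGE_WINDOW
    return ts.hour >= start or ts.hour < end


def evaluate(event: Event) -> list:
    """Return the list of policy rule names the event violates (empty if none).
    Only statements touching a Personal Data table are evaluated at all."""
    if not (tables_in(event.sql) & PERSONAL_DATA_TABLES):
        return []
    verb = event.sql.split()[0].upper()
    has_where = re.search(r"\bWHERE\b", event.sql, re.I) is not None
    alerts = []

    # Rule 1: any access by a user outside the approved groups.
    if event.user not in AUTHORIZED_APP_USERS | DBA_USERS:
        alerts.append("UNAUTHORIZED_ACCESS")

    # Rule 2: destructive change outside DBA group + change window.
    # Row-level DELETE/UPDATE with a WHERE clause is normal application work.
    destructive = verb in {"DROP", "TRUNCATE"} or (verb in DESTRUCTIVE_VERBS and not has_where)
    if destructive and not (event.user in DBA_USERS and in_change_window(event.ts)):
        alerts.append("UNAPPROVED_CHANGE")

    # Rule 3: full-table read of Personal Data (possible replication or exfiltration).
    if verb == "SELECT" and not has_where:
        alerts.append("BULK_READ")
    return alerts


def run_policy(lines) -> list:
    """Evaluate every audit line; return (timestamp, user, alerts) for violations."""
    report = []
    for line in lines:
        event = parse_audit_line(line)
        alerts = evaluate(event)
        if alerts:
            report.append((event.ts.isoformat(), event.user, alerts))
    return report


# Constructed audit records for a single day.
SAMPLE_AUDIT = [
    "2017-09-20T10:15:00|crm_app|10.0.1.20|SELECT name, email FROM customers WHERE id = 1001",
    "2017-09-20T10:16:30|intern_bob|10.0.5.77|SELECT * FROM customers",
    "2017-09-20T11:02:00|dba_anna|10.0.0.5|DELETE FROM bank_accounts",
    "2017-09-20T09:00:00|billing_app|10.0.1.21|UPDATE customers SET last_invoice = '2017-09-20' WHERE id = 1002",
    "2017-09-20T23:30:00|dba_anna|10.0.0.5|TRUNCATE TABLE audit_tmp",
    "2017-09-20T23:45:00|dba_anna|10.0.0.5|TRUNCATE TABLE customers",
]

if __name__ == "__main__":
    for ts, user, alerts in run_policy(SAMPLE_AUDIT):
        print(ts, user, ", ".join(alerts))
```

Two of the six records produce alerts: the intern's full-table SELECT (unauthorized user and bulk read) and the DBA's unfiltered DELETE at 11:02, which is destructive and outside the window. The same DBA truncating the customers table at 23:45 is silent because it matches the approved pattern; whether that is acceptable is a policy decision, and it is exactly the kind of event the Security of Processing reports should still record for the controller's review even when no alert fires.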

Mission: Accelerated

IBM Security Guardium now offers a GDPR Accelerator, a suite of prebuilt, ready-to-deploy content designed to get you started and speed your mission along the path to success. Using the Accelerator’s prebuilt classification patterns to locate GDPR-governed Personal Data, together with the built-in Personal Data Security Assessment tests, you gain a clearer picture of the scope of your mission and how to proceed. Once you have located the sources that contain Personal Data and remediated the issues found on them, you can start monitoring them and take action if suspicious behavior occurs.

The Accelerator includes prebuilt policy rules and groups that let you stand up continuous monitoring more quickly. The prebuilt policy rules help protect Personal Data from unauthorized access and activities, including modification, deletion and replication of records. The tool also offers Security of Processing reports, which you can select on a user, controller or application basis, covering both authorized and unauthorized activity against Personal Data.

Finally, the Guardium GDPR Accelerator provides an automated compliance audit review process to support GDPR compliance. This capability automates the notification and review process for simplified, faster escalations and sign off on the prebuilt audit reports for Personal Data activities, which should be documented, recorded and reviewed.

Get on Track

Once you’re on the right path, you can begin dealing with more focused means of protecting the Personal Data you’ve located, classified and begun monitoring. Encryption, redaction and masking can then be applied to support the appropriate levels of pseudonymization your organization and its data require. Keep in mind that the GDPR still treats pseudonymized data as Personal Data: these controls reduce the impact of a breach and help satisfy the security-of-processing obligation, but they do not take the data out of scope, and the keys or mapping tables that allow re-identification must be kept separately and protected at least as well as the data itself.

The mission to protect Personal Data and comply with the GDPR is a crucial one. To complete your mission before time runs out, you’ll need to equip yourself with the right tools and capabilities to meet the challenge head-on.
