Eight Steps To The GDPR Countdown

Uploaded on 2017-06-02 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

One year from now, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect how businesses work with the personal data of citizens and residents of the EU. 

GDPR was approved a year ago and will be going into effect in another year. It applies directly to organisations within the EU, but also applies to organisations outside the EU if they 1) offer goods and services to the EU, 2) monitor the behavior EU subjects, or 3) process or retain personal data of EU citizens and residents. And the regulation can place very serious fines and sanctions for non-compliance.

Step 1: Partners
Select partners, legal, technical, and strategic, that might be qualified to assist with GDPR compliance. They should be familiar with the effects that the regulation will have on your particular industry. Your organisation's size and location might also factor into your decision.
Step 2: Readiness assessment
Do an early assessment of how you are often likely to be affected by GDPR. Determine if you have EU customers or handle data from partners and customers that do. Find out if your business has any plans to do business in the EU or might be hiring EU citizens sometime in the future.
Step 3: Get ready to tackle GDPR as a business initiative
Don't be lulled into thinking of the move to GDPR compliance as a technology-only project. Consider its impact on all business units – legal, financial, personnel, etc. Technology can certainly help to bring about your transition to GDPR compliance, but it's not a magic pill.
Step 4: Identify and map your data
Consider all the data that your business collects, processes and stores. Get a clear view of how it is stored and backed up, and how it moves through your organization. Also, consider who has access.
Step 5: Create a plan that exceeds regulatory minimums
While you're preparing for GDPR, take a broader look at all the data your organization processes. Pay particular attention to personal data and corporate intellectual property. Create and implement training programs to keep staff attuned to both risks and processes for proper handling of sensitive data. If you don't already have an incident response plan, create one. If you do, make sure that it's being followed and that records are kept so that your incident response performance can be reviewed.
Step 6: Document your audits
Be careful to document the steps that you take to audit your procedures and ensure that your control procedures are being followed. Proper records and evidence of your efforts to be vigilant in protecting sensitive information could be very valuable and help you to avoid fines if a security incident is identified.
Step 7: Protect data at rest and in motion
Don't lose sight of the fact that data moving across your network might be most vulnerable. Use encrypted connections whenever possible. Control and monitor who has access to shared drives. Remember, too, that jurisdiction and rules change as data moves across borders.
Step 8: Implement process automation
Use automation to avoid human error as much as possible. Heavily test your processes before relying on them. Think of GDPR compliance as one more reason to address operational inefficiencies across the board.
One year from now ...

This time next year, you could be confident that your processes and data protection measures are going to make this a good day, but you need to start focusing on how you're going to get to that comfort zone. The one-year countdown starts today.

Computerworld:     

You Might Also Read:

EU’s New Data Rules Are 1 Year Away:

Auditors Need To Know About Cyber Security:

Auditors Need To Know About Cyber Security:


 

« Russian Hackers Sow Disinformation Via Leaks
Ignoring Software Updates… »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

Willis Towers Watson

Willis Towers Watson

Willis Towers Watson is a global risk management, insurance brokerage and advisory company. Services offered include Cyber Risks insurance.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

Plixer

Plixer

Plixer delivers a network traffic analytics system used for monitoring, visualization, and reporting of network and security incidents.

Altipeak Security

Altipeak Security

Altipeak Security provide Safewalk - a flexible and robust authentication platform through which we offer improved security to SMBs, corporates, banks, insurance companies, healthcare and more.

Cingo Solutions

Cingo Solutions

Cingo Solutions is a Managed Detection & Response company providing specialized data security services.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

KnectIQ

KnectIQ

Building Trust Environments in a Zero-Trust World. KnectIQ offers KIQAssure, an Ultra High Security Solution for Data in Flight.

Techfusion

Techfusion

Techfusion is a cyber security research and consulting firm focusing on digital forensics and data recovery.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

Liminal

Liminal

Liminal is a boutique strategy advisory firm serving digital identity, fintech, and cybersecurity clients, and the private equity / venture capital community.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.