Security Priorities And Why GDPR Is Extremely Important

GDPR stands for General Data Protection Regulation

It’s the European Union’s new data protection law and came into effect on 25 May 2018. The GDPR doesn’t just apply to European organisations. It applies to any organisation, anywhere in the world, that processes personal data relating to an individual who resides in the European Union. So even if you’re an Australian organisation, there’s a strong chance that the GDPR still applies to you, your clients, and the work you undertake online.

At its core, the GDPR legislation is about ensuring privacy is respected as a fundamental right and that personal data is kept private and secure. However, it’s important to note the costs of noncompliance can be severe. These can include a fine of up to 4 percent of global turnover (revenues) or €20 million, whichever is higher, plus a temporary or permanent suspension of the right to access or process EU data.

There are 3 major questions an organisation must consider when assessing its GDPR compliance:

  1. Where is all the personal data located?
    You first need to be able to identify all the personal data you process. GDPR defines personal data widely, including a few new categories such as IP addresses and digital images. If you don’t have full visibility of your data, either because you don’t know what data to search for, or you’re unable to search for data in shadow IT or cloud applications, then you may have a problem.
  3. How do you ensure data is protected, including after a breach?
    User Access Control – Ensure only a limited number of people have access to files containing personal data. So even if one of these files has been widely distributed, the risk of data breach is limited. If a user account has been compromised, the ability to revoke a user’s file access or suspend access rights completely adds to your defence.

To address the questions posed above, your organisation needs to:

  • Reliably find personal data, anywhere
  • Assess and manage risk posed by bad actors accessing your data
  • Ensure data is protected and kept usable, even when shared with third parties

To discover data across on-premises and cloud environments, organisations are deploying data loss prevention (DLP) and cloud access security broker (CASB) solutions together. This approach extends DLP policies and data discovery capabilities to give you visibility into the cloud (including shadow cloud applications).

Once you’ve discovered data, you need to protect it. To support collaboration with third parties, a strong approach combines encryption, user identity, and rights management. This ensures only legitimate users can access a file; their identity both decrypts the file and is used to control the access permissions (for example, edit, print, and save functionality). You can centrally monitor user access and revoke it as circumstances dictate.

If a breach takes place, an Information Centric Analytics platform can prioritise the most critical data to enable you to remediate the damage. It also allows you to analyse forensic data which can identify root causes, leading you to improve your security controls.
