General Data Protection Regulation (GDPR)
The General Data Protection Regulation will come into effect in May 2018. Whether an organization resides in the EU or merely transmits EU citizen data, global companies are working frantically to comply with the sweeping regulation. Adding to the complication, GDPR affects departments across the enterprise (legal, IT and security), so the work must be done cross-functionally across the organization.
This regulation is unprecedented, and it is imperative that your organization develop an execution plan that covers people, process and technology. Your security department should assess itself across the six key security components of GDPR and develop a business-aligned plan in conjunction with the IT and legal teams.
GDPR outlines the following cyber security requirements:
- Data Governance - Understand the GDPR requirements as they relate to the business, then activate a plan to meet those obligations.
- Data Classification - Analyze what data within the environment is relevant to GDPR and develop a proper classification scheme for ongoing data management.
- Data Discovery - Determine where sensitive data is stored across your environment and set up policies and procedures to manage it.
- Data Access - Recognize who has access to data and set up policies and procedures for access management and governance.
- Data Handling - Prepare for the possibility of an incident and ensure that plans are in place to meet GDPR obligations regarding the handling of sensitive information.
- Data Protection - Plan, build and run an appropriate security program for the protection of sensitive information.