Strategically Positioned to Assist Your Organization with the Cyber Security Components of GDPR

General Data Protection Regulation (GDPR)

The General Data Protection Regulation will come into effect in May of 2018. Whether an organization resides in the EU or merely transmits EU citizen data, global companies are working frantically to comply with the sweeping regulation. Adding to the complication, GDPR affects departments across the enterprise – legal, IT and security – leading to the need to work cross-functionally across the organization.

GDPR outlines the following cyber security requirements:

  • Defines lawfulness of processing data to include consent by data subjects, privacy by design, the right to be forgotten and data portability requirements
  • Outlines responsibilities of controllers and processors
  • Requires Privacy Impact Assessment and appointment of a data protection officer
  • Enforces strict breach notification requirements

This regulation is unprecedented, and it is imperative that your organization develop a plan for execution that includes people, process and technology. Your security department should assess itself across the six key security components of GDPR and develop a business-aligned plan in conjunction with the IT and legal teams.

  • Data Governance – Understand GDPR regulations as they relate to the business and then activate a plan to meet those obligations.
  • Data Classification – Analyze what data within the environment is relevant to GDPR and develop a proper classification scheme for ongoing data management.
  • Data Discovery – Determine where sensitive data is stored across your environment and set up policies and procedures to manage it.
  • Data Access – Recognize who has access to data and set up policies and procedures for access management and governance.
  • Data Handling – Prepare for the chance of an incident and ensure that plans are in place to meet GDPR obligations regarding the handling of sensitive information.
  • Data Protection – Plan, build and run an appropriate security program for the protection of sensitive information.

 


Why Optiv? 

Optiv has the proven ability to look at your organization's security and privacy program holistically. Our goal is to help your business evolve and improve your security program, and as a result, meet GDPR requirements, not the other way around. Optiv can help your organization to not only create a plan, but execute and maintain that plan to include people, process and technology. If you are just getting started or already executing to a GDPR roadmap, Optiv provides solutions to reach GDPR compliance without the noise. The time has come to execute – a great place to start is with Optiv’s GDPR Readiness Review.

GDPR


  • 9,000 – Number of data privacy officers needed to satisfy the DPO requirement of GDPR in the United States*
  • 72 – Maximum number of hours allowed to report a security incident once it has been discovered**
  • 52% – Percentage of US companies reporting they possess EU citizen data and are therefore subject to GDPR***

 

 

 

 

*Source: The International Association of Privacy Professionals
**Source: The International Association of Privacy Professionals
***Source: Compuware


 
