Are you prepared for the GDPR?

Publish date:

The general issue lies with anyone with justified and managed access to process data, for its purpose, since that’s the business need and actual reason for the data existing in the first place.

Historically, it has been argued that end users must be involved for a proper security-awareness posture to work – “don’t open attachments,” “don’t click on links,” “don’t print something without getting it from the printer,” “don’t speak in public about sensitive matters,” – i.e., the situation that some of our clients still find themselves in today. We can implement all available technical measures in terms of anti-malware, web filtering, RFID to print, but at the end of the day, we still rely on peoples’ awareness of how sensitive the information is. And, to be honest, making people aware and encouraging them to respect trade secrets is not that hard.

Neither is making the majority of them instinctively careful with email content (although “ransomware” through email with required user interaction is still “effective”). But what about the basic information that is used by millions every hour of every day – personal data?

We can identify all personal data that is processed and stored; all the business processes that are involved; all the applications and systems that are used to support, information minimization, automatic deletion routines, etc. The general issue lies with anyone with justified and managed access to process data, for its purpose, since that’s the business need and actual reason for the data existing in the first place.

Ultimately, we must do everything we can to ensure that we are compliant with the GDPR, including full SLDC with privacy/security-by-design and privacy-by-default. However, we also need to spend more time than ever on awareness. If the requirements are not truly understood by everyone, the personal data on any system can be breached.

We surveyed 1,000 executives and 6,000 consumers across eight markets to explore attitudes to, readiness for, and the opportunities of the GDPR. Download the report to read the complete findings: Seizing the GDPR advantage.

 

 

 

Related Posts

Cybersecurity

Is your Operational Technology (OT) environment insider safe?

Dan Leyman
Date icon September 8, 2020

Organizations need to exercise due diligence and care to ensure their vendors, contractors,...

Cybersecurity

Unlocking the power of AI and SOAR for end-to-end cybersecurity

Geert van der Linden
Date icon September 3, 2020

For AI to work effectively, organizations need to build a roadmap that addresses...

Cybersecurity

Identity access management (IAM) – the new normal

Dino Karanikas
Date icon August 27, 2020

Having an upgraded IAM plan in place will not only let you sleep better at night; it will...