Trustwave Blog

How to Stay on Top of the EU General Data Protection Regulation

Written by Jane Dotsenko | Jun 8, 2016

New data protection rules in the European Union have now been published after the European Parliament adopted the General Data Protection Regulation (GDPR) in late April. While the law won't be enforceable for approximately another two years, its ultimate goal is to harmonize data protection laws across the 28 EU member states and "make Europe fit for the digital age."

The GDPR aims to "give citizens back control over their personal data, and to simplify the regulatory environment for business." The regulation will place a clear onus on businesses that collect and manage the personal information of EU citizens to protect that information from misuse.

With the introduction of the GDPR, all businesses processing the personal data of EU citizens face fines of up to four percent of global revenue in the event of non-compliance. Organizations worldwide are therefore under more pressure than ever to guarantee the security of their customers' personal data, while also being able to demonstrate that security to customers.

In anticipation of the GDPR, businesses must ramp up efforts around data security.

Here are five ways to help accomplish this effectively:

1. Don't delay

The deadline for EU countries to transpose the GDPR into their national law is May 6, 2018. That does not leave a lot of time for complex global firms to overhaul their policies, procedures and technology to achieve compliance. A good first step is for businesses to carry out a risk assessment against the expected standard.

2. Map your data

One of the largest tasks that lie ahead for organizations is the need to map their entire data footprint. Firms must determine what information exists and where it resides, including unstructured data in the cloud and data shared with partners and other third parties.

3. Boost your breach detection capabilities

The longer breaches go undetected, the more damage they may cause, adding to the reputational harm and potentially to the financial penalty that an offending business may suffer. Firms can look to embrace advanced analytics and expert threat analysis to help detect threats in near real time.

4. Educate your employees

A compliance regime is only as strong as the employees who help you adhere to it. Ensure all employees are trained fully in data privacy, social engineering attack vectors and the relevant elements of the GDPR. Put in place clear protocols for employees to follow when handling personal data.

5. Get the right resources in place

A key challenge for companies is finding skilled professionals capable of helping them achieve security and compliance. Demand for qualified practitioners is forecast to outstrip supply by a third before the end of the decade, putting real pressure on organizations as cyberattacks increase and regulations become more stringent. In this environment, there is an increasing need for businesses to seek assistance from managed security services providers (MSSPs). An MSSP can help provide the much-needed security relief that resource-strapped organizations require.

Jane Dotsenko is Trustwave marketing manager in EMEA.