Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Why the GDPR is as Much of a Mind Shift as a Regulation

The General Data Protection Regulation (GDPR) affects all organizations that do business with the European Union and its residents. Which means it is the rare company around the globe that isn't impacted by the GDPR.

Despite years of preparation for the onset of this regulation - the legislation was proposed in 2015 - most organizations are not fully prepared for the GDPR, even as it becomes the law.

The GDPR is broad in scope and focused on the entirety of the flow of personal data in all its forms throughout an organization. Even if an organization wanted to, it would be difficult to simply tick compliance boxes for GDPR. The boxes don't exist.

What GDPR is really asking organizations to do is to change their mindset about personal data and who the owner of the data is. Dave Burleigh, one of our GDPR experts at Trustwave, says that "personal data is like DNA in document form." The data subject is clearly the owner of that DNA and should maintain rights about when, where and how that DNA is shared and when it is refused or retracted.

It remains to be seen how swiftly penalties are enacted for GDPR violations and how broadly across the globe. But it's fairly easy to predict that the GDPR is just a precursor of increasingly stringent data privacy regulations in other regions. Thus, as you drive your organization toward compliance with GDPR, implementing these high data privacy standards for residents of any country may offer you future proofing for upcoming regulations from other regions.

Changing your organizational culture's approach to managing personal data will require persistent effort that affects gathering, storing, accessing and processing personal data. From your initial analysis of your current data flow to the opportunity to build "privacy by design" in to new systems and processes, participation from the entire organization is required. It can't be a siloed IT project. The GDPR calls for an ongoing and unified program.

Wherever your organization is in relation to GDPR requirements, you should take a strategic look at how you can make the changes in both mindset and processes to develop an effective and ongoing data privacy and security lifecycle.

Dixie Fisher is a senior product marketing manager of compliance solutions at Trustwave.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More