You’ve overcome organizational and reporting challenges from PCI, SOX, HIPAA, GLB and all the other alphabet-soup regulations. Now, here comes the European Union General Data Protection Regulation (GDPR), which applies to most of us, whether we like it or not – and it goes into effect on May 25, 2018.
In general, GDPR aims to provide citizens of the EU with clear and understandable information with regard to the processing, storage, use, and above all, protection of their personal information by organizations that possess and process it. One major factor of GDPR, and perhaps the most challenging for IT organizations, is the requirement to notify both individuals and the relevant data authority “without undue delay, where feasible within 72 hours if data is unlawfully destroyed, lost, altered, accessed by or disclosed to unauthorized persons, where there is a risk to individuals’ rights.”
What this all means is that if you store, process or transmit personal data on citizens of the European Union, you are required to abide by GDPR – even if you are not a European-based organization. In other words, if you have customers that are EU citizens, it’s time to get ready for this regulation, if you haven’t already.
The problem is that outside of the EU, there are still many organizations that feel unprepared for this regulation. And even in the EU, many organizations that know about GDPR don’t feel ready either. But there is a light at the end of the tunnel. Organizations that do feel prepared for GDPR have a few common security technology competencies that support their confidence. Really, it’s about doing the things we all should be doing anyway, but doing them with a little more rigor, additional oversight, and by breaking down data silos wherever possible.
If you want to see an informative, yet quick-read visual representation, check out our infographic, and if you want insight into which technologies and practices are most likely to help you achieve GDPR compliance, check out our eBook.
We’ve survived the alphabet avalanche before, and we can survive the addition of GDPR now; we just have to be smart about it.
For a complete explanation of IAM’s role in GDPR compliance, visit our resource page.