There’s a growing buzz about this new regulation called GDPR (General Data Protection Regulation). It requires any organization that stores, processes, or transmits personal data on European Union citizens (even organizations outside of the EU) to undertake “data protection by design” and “data protection by default” with regard to that information. A major component of the regulation is the requirement to report “without undue delay, where feasible within 72 hours if data is unlawfully destroyed, lost, altered, accessed by or disclosed to unauthorized persons where there is a risk to individual rights.”
In English, if you have a breach you must report it and you must prove that you have sufficient measures in place to prevent such breaches. The most egregious violators of GDPR can face penalties of up to 4% of annual global revenue.
In a recent survey sponsored by One Identity, we found that while a fair number of people are somewhat familiar with GDPR, far fewer feel prepared for its “going live” in early 2018. However, among those that did feel prepared, a few fundamental security technologies seemed to be the common denominators that fostered that confidence.
While GDPR is facilitated by data encryption, network security, and email security, I’d like to focus on five key identity and access management (IAM) approaches that will also greatly aid GDPR compliance. In general, those organizations that felt prepared for GDPR had the highest levels of confidence in their deployment and use of the following IAM solutions:
If you’d like to learn how you can add (or improve) any of these IAM disciplines in your organization to accelerate your readiness for GDPR, download our new eBook that details the regulation, the survey results, and the hows and whys of these key IAM technologies.
GDPR is coming, but it doesn’t have to be as scary as it sounds.
For a complete explanation of IAM’s role in GDPR compliance, visit our resource page.