The GDPR legislation, which stands for General Data Privacy Regulation, becomes effective soon—on May 25th to be exact. Want to know how compliance-ready your organization is with your security controls? Our 10-question assessment is a smart way to help you find out.
My Math Class Nightmare
One place where I always felt out of place growing up was math class. Which probably explains why today I often experience the same recurring dream when I’m particularly stressed out in the conscious world.
In my dream, I’m two weeks away from high school graduation when it hits me that I’ve been registered for an algebra class all semester that I’ve attended once and the final exam looms. My stomach knots and cold sweat beads my forehead knowing that I won’t graduate if I don’t pass the final.
It’s always a huge relief when I wake up.
The EU-based GDPR regulations are also looming. They’re designed to protect the personal data of private citizens. After May 25th, any corporation found to be out of compliance could face large fines.
Sample Questions from the Online Assessment
Here are some of the questions you’ll find in the survey. When you complete it, you’ll receive a personalized summary with action items to help you boost your compliance strategy right away.
How do you ensure transparency during data collection?
GDPR emphasizes transparency for all EU data subjects. When the data is collected, it must be clear why the data is being collected and what it will be used for. Organizations must also be willing to provide details surrounding the data processing when requested by the data subject.
Does your organization limit the amount of data you collect on EU citizens?
GDPR legislation requires a lawful and legitimate purpose for processing personally identifiable information at the time of collection.
How are your data retention policies being enforced?
GDPR requires organizations to store only the minimum amount of data required for their purpose. Data that may have had an initial purpose might not be needed in the longer term.
What is your plan for ensuring your data remains accurate and valid?
GDPR requires data controllers to ensure information remains accurate, valid, and fit for its intended purpose. Everyone must have a policy in place to address how they will maintain the data they are processing and storing.
How much control do you have over the storage and movement of data?
GDPR legislation discourages unnecessary data redundancy and replication. It limits how data is stored and moved and how long it is stored, and it requires understanding how the data subject would be identified if the data records were to be breached.
GDPR Legislation Requires a Change in People, Processes, and Technology
According to Simon Townsend, Ivanti’s Chief Technologist for EMEA, protecting data is made more difficult with the increase in ransomware and other malware attacks, a more mobile workforce, and an ever-changing computing platform.
Simon says, “GDPR requires a change to procedures and workflows. It requires a business to change its processes so that GDPR compliance is built into the practice of the business, not something that IT or the business simply reacts to if and when a change occurs relevant to PII data. Some technology can help, but sadly, some cannot. And none, I repeat, none, provides the ‘silver bullet’ to ensure you are compliant and protected. GDPR, in fact, is not an IT problem, it’s a business problem. It’s more legal than IT. IT only makes up part of the solution.”
Where Ivanti Can Help
The latest recommendations from the National Cyber Security Centre (NCSC) to protect against cyberattacks include secure configuration, managing user privileges, incident management, removable media controls, and malware protection. As Simon Townsend says, while there is no silver bullet, solutions from Ivanti can help you reduce your attack surface, discover and provide insight into areas of weakness in your IT estate, and take action to protect sensitive PII information from attacks.
With Ivanti you can:
- Discover the hardware and software in your environment. You can’t protect or defend against the unknown.
- Retrieve and track data, report, and analyze.
- Patch the applications you can patch, and control access to those you can’t.
- Control removable device use and enforce encryption on removable devices and hard drives.
- Limit admin rights without affecting productivity or consuming your IT team’s valuable time.
- Marry security capabilities with workflows and asset management processes to complete a secure lifecycle.
Invest a few minutes to complete the 10-question assessment and receive the personalized summary with helpful action items.