Could You Be More GDPR-Ready with Some Course Corrections?
There’s an old saying that goes like this: “The doors of history turn on small hinges.” So do our lives as human beings. So does the longevity of a business.
Those “hinges” are the choices we make—the decisions that direct our destiny. Fortunately, most choices are minor course corrections vs. monumental shifts.
What adjustments or course corrections may be needed in your organization within the context of the General Data Privacy Regulation (GDPR) that becomes effective May 25, 2018?
Do you hold PII data on EU citizens?
To summarize, the GDPR concerns the protection of EU residents’ personally identifiable information (PII). It affects any company globally that holds data of EU citizens. Fines of up to €20 million or 4% of turnover for a data breach can be imposed. And the GDPR mandates the relevant Supervisory Authority be notified of a data breach within 72 hours.
Computer Weekly has warned that UK firms could face £122 billion in fines in 2018, based on the uplift from the existing £500,000 cap on ICO fines that saw firms pay £1.4 billion in 2015.
The GDPR requires that personal data be “processed in a manner that ensures appropriate security… including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.”
Plenty of buzz, not so much action.
The perception among many IT professionals and industry thought leaders is that GDPR is another lumbering policy wagon for vendors to jump onto in order to make a fast buck. Yet customers are reluctant to buy because there’s too much uncertainty. What’s more, those who are defining the regulations and policies surrounding GDPR are missing deadlines for providing clarity. Lots of buzz, but possibly less than ideal action.
No silver bullet. Choose the right (but harder) course vs. the easier (but wrong) way.
According to Simon Townsend, Ivanti’s Chief Technologist for EMEA, the GDPR legislation requires a change in people, processes, and technology. Protecting data is made more difficult with the increase in ransomware and other malware attacks, a more mobile workforce, and an ever-changing computing platform.
In a related blog post, Simon writes:
“GDPR requires a change to procedures and workflows. It requires a business to change its processes so that GDPR compliance is built into the practice of the business, not something that IT or the business simply reacts to if and when a change occurs relevant to PII data.
Some technology can help, but sadly, some cannot. And none, I repeat, none, provides the ‘silver bullet’ to ensure you are compliant and protected. GDPR in fact, is not an IT problem, it’s a business problem. It’s more legal than IT. IT only makes up part of the solution.”
One part of the solution is Ivanti.
The latest recommendations from the National Cyber Security Centre (NCSC) to prevent against cyberattacks include secure configuration, managing user privileges, incident management, removable media controls, and malware protection.
As Simon Townsend says, while there is no silver bullet, solutions from Ivanti can help you reduce your attack surface, discover and provide insight into areas of weakness in your IT estate, and take action to protect sensitive PII information from attacks.
For example, our Ivanti Endpoint Security solutions help secure endpoints (and therefore PII data) against insider threats, ransomware and other malware via patching, application and device control, and encryption, all from one console. Ivanti Service Manager helps organizations put automated workflows in place for incident response and remediation capabilities. It also automates communication between IT teams and end users. All this allows IT to efficiently track and retrieve data for audits or data requests, and respond to data breaches faster.
By combining our endpoint security solutions with service management, you can automate processes and workflows to assist with GDPR compliance. You can respond to PII data requests as well as detect and solve incidents quickly and effectively while maintaining data integrity and customer satisfaction.