You may have read the blog Navigating the Seven Key Principles of GDPR. If not, check it out before you read this, because I am going to go a little deeper into how Ivanti can help you implement a GDPR strategy to address those seven key principles.
GDPR is all about protecting the personal data of EU citizens and residents, and giving the data subjects more control over their data. First, you must establish whether GDPR will apply to you. Once you know if you are on the hook to comply, keep in mind that there is no “single compliance solution” that you can purchase to be instantly compliant.
Some requirements will not be solved by technology alone because they must be done at an organizational level, for example, appointing a GDPR data protection officer or developing your notification process in case of a breach. A comprehensive GDPR strategy requires a mix of internal process creation, policy changes, and technology. That being said, there are several areas where Ivanti can help.
Ivanti Can Support Your GDPR Compliance Strategy
Ivanti helps you implement your General Data Protection Regulation (GDPR) strategy with unified IT solutions to assess risk, enforce policies, secure data, respond to incidents and requests, and prove compliance. If you are in the process of developing your GDPR strategy, contact Ivanti to discuss where we can provide value around the key GDPR requirements.
As we speak with customers and prospects about their GDPR challenges, these conversations lead to the identification of several key areas where you need some level of risk mitigation:
- Comprehensive assessment: Before you start to develop your GDPR compliance strategy, a baseline assessment should be taken to determine exactly how data is currently being protected, and to know what changes need to be made. You can’t protect or secure what you don’t know about. Completing an assessment as comprehensive as needed for GDPR is an overwhelming challenge without the right technology in place. Ivanti helps streamline the assessment processes with solutions that provide insight into your network assets, connected devices, applications, files – and identify security vulnerabilities.
- Processes and policies: The first few principles of GDPR address the requirements around collecting, minimizing and storing data. This includes adopting data transparency, showing a legitimate purpose for collection and storage, keeping data accurate and valid, limiting storage, and more. You must also have a deep level of understanding around how the individual would be affected if there was a breach. It takes time to get the right processes and policies in place, but the real challenge tends to be enforcement. Enforcing processes and policies is an area where software solutions like Ivanti can help.
- Data security: GDPR requires organizations to keep data confidential and secure – specifically to “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.” It is important that the integrity and privacy of the data is maintained. By the way, GDPR extends not just to IT systems, but covers paper records as well as physical security. GDPR has completely shifted the responsibility of data protection to organizations who are collecting and processing that data. You should seek out tools like those from Ivanti to help you proactively address security gaps in areas such as endpoint security, identity and access management, whitelisting, patching, privileged account management, etc.
- Response and remediation: There are several mandated response requirements spelled out in GDPR. One example is that EU citizens and residents have the right to request what data the organization holds on them – then the organization is required to respond and take any action requested within 30 days. Another example is that controllers are required to address and remediate incidents immediately, then notify the appropriate authority within 72 hours. To ensure compliance with response requirements, you must have an incident response, remediation and communication plan in place that doesn’t rely on tedious, manual processes. Ivanti’s powerful automation and workflow capabilities can help ensure mandated timeframes are met.
- Accountability and liability: Regulations usually come with requirements to demonstrate compliance. You can have the greatest processes in place to meet GDPR requirements, but if they aren’t being enforced automatically (through some type of technology) with audit trails, it will be very difficult to prove compliance. We can’t speculate what GDPR audit processes will be like once the deadline has passed, but we can apply what we have learned from other regulations – it will probably be a time-consuming and grueling experience. We believe that every step within your GDPR strategy should be auditable, so Ivanti allows you to leverage dashboards and reports to help prove compliance.
The Time to Act Is Now
I know this all seems like a lot of work that must be done before the May 2018 deadline, so my advice to you is to not wait any longer to get started. If you would like to learn more about how Ivanti can help simplify GDPR compliance for your organization, take this GDPR Risk Assessment.