How compliance-ready is your organization for the General Data Privacy Regulation (GDPR) that becomes effective May 25, 2018? Our 10-question assessment will help you find out.
On or off the job, I hate it when I’m unprepared.
As a Boy Scout in the late ’60s, I often fantasized about a “Boy’s Life Magazine” moment in which I rescue someone in peril. As Bryan Wendell tells the story in his blog for adult scout leaders, Scouting’s founder, British Army officer Robert Baden-Powell, devised the motto “Be Prepared” and published it in 1908. When someone asked him “Prepared for what?” he replied, “Why, for any old thing.”
My troop was on an overnight winter camp in one of Salt Lake City’s nearby mountain canyons. One knucklehead tossed some spent flashlight batteries into the campfire. Minutes later they exploded and another scout cried out—struck in the eye with acid. The appropriate first aid was to deluge the eye with water. I raced to the tent for my canteen, only to remember I’d filled it with root beer before leaving home. Fortunately, other scouts were prepared with water and applied the first aid successfully.
Sample Questions from the Online Assessment
The EU-based GDPR regulations are designed to protect the personal data of private citizens. After May 25 next year, any corporation found to be out of compliance could face large fines.
Here are some of the questions you’ll find in the survey. When you complete it, you’ll receive a personalized summary with action items to help you boost your compliance strategy right away.
How do you ensure transparency during data collection?
GDPR emphasizes transparency for all EU data subjects. When the data is collected, it must be clear why the data is being collected and what it will be used for. Organizations must also be willing to provide details surrounding the data processing when requested by the data subject.
Does your organization limit the amount of data you collect on EU citizens?
GDPR requires a lawful and legitimate purpose for processing personally identifiable information at the time of collection.
How are your data retention policies being enforced?
GDPR requires organizations to store only the minimum amount of data required for their purpose. Data that may have had an initial purpose might not be needed in the longer term.
What is your plan for ensuring your data remains accurate and valid?
GDPR requires data controllers to ensure information remains accurate, valid and fit for its intended purpose. Everyone must have a policy in place to address how they will maintain the data they are processing and storing.
How much control do you have over the storage and movement of data?
GDPR discourages unnecessary data redundancy and replication. It limits how data is stored and moved and how long it is stored, and it requires understanding how the data subject would be identified if the data records were to be breached.
GDPR Legislation Requires a Change in People, Processes, and Technology
According to Simon Townsend, Ivanti’s Chief Technologist for EMEA, protecting data is made more difficult with the increase in ransomware and other malware attacks, a more mobile workforce, and an ever-changing computing platform.
Simon says, “GDPR requires a change to procedures and workflows. It requires a business to change its processes so that GDPR compliance is built into the practice of the business, not something that IT or the business simply reacts to if and when a change occurs relevant to PII data. Some technology can help, but sadly, some cannot. And none, I repeat, none, provides the ‘silver bullet’ to ensure you are compliant and protected. GDPR, in fact, is not an IT problem, it’s a business problem. It’s more legal than IT. IT only makes up part of the solution.”
Where Ivanti Can Help
The latest recommendations from the National Cyber Security Centre (NCSC) to protect against cyberattacks include secure configuration, managing user privileges, incident management, removable media controls, and malware protection. As Simon Townsend says, while there is no silver bullet, solutions from Ivanti can help you reduce your attack surface, discover and provide insight into areas of weakness in your IT estate, and take action to protect sensitive PII from attacks.
With Ivanti you can:
- Discover the hardware and software in your environment. You can’t protect or defend against the unknown.
- Retrieve and track data, report, and analyze.
- Patch the applications you can patch, and control access to those you can’t.
- Control removable device use and enforce encryption on removable devices and hard drives.
- Limit admin rights without affecting productivity or consuming your IT team’s valuable time.
- Marry security capabilities with workflows and asset management processes to complete a secure lifecycle.
Invest a few minutes to complete the 10-question assessment and receive the personalized summary with helpful action items.