Introducing GDPR

The General Data Protection Regulation (GDPR) came into force on May 25, 2018. It requires that organizations doing business with, employing, or collecting or processing EU citizens' personally identifiable information (PII) protect it.

Make no mistake: While the GDPR is technically European Union (EU) legislation, organizations with no offices in the EU must still be aware of its implications and be on their guard to avoid violating it. If yours has an international focus and reach, it is quite probable it will be required to comply—especially if it operates or offers services via the Internet.

How Will the GDPR Affect Non-EU Nations?

The GDPR will have a global impact even with the relatively small and localized nature of the EU itself. Despite EU countries being more likely to see the most change, non-EU countries are likely to see greater disruption, because organizations located within the EU may well be aware of the GDPR and prepared for the changes. In addition, many organizations located outside the EU may still believe they are exempt or will be unaffected.

What Does the GDPR Mean for Enterprises?

Compliance is important: The maximum fine for violating the GDPR can be as high as €20 million or 4% of annual turnover, whichever is higher.

Organizations will need to audit their data and verify that the methods of collecting, processing, and storing data as well as the nature of the data itself are GDPR compliant. If the necessary systems are not in place by May 25, organizations run the risk of non-compliance, sanctions, and losing business from their European partners.

How Can You Minimize Data Leakage and Breaches?

Achieving GDPR compliance shouldn't feel like a struggle. Foundational security will go a long way to getting you there. For example: Encrypt data in use, at rest, and in transit. Along with pseudonymization, encryption is explicitly mentioned as a safeguard in GDPR.

Today, many users choose to work not only in the office, but from home, in a café, in a partner’s office, and any other place where it’s convenient. Many need to travel abroad and work remotely. In such cases, data encryption at rest is very important, as some users tend to forget things left on their portable devices (USB thumb drives, DVDs, smart phones on the table, and more). If those devices provide access to corporate emails and sensitive data, they could expose the organization to data leakage or worse. 

Ivanti Endpoint Security encrypts hard disks, USB thumb drive, files, and folders. If, for example, a thumb drive is stolen, the thief will not able to access the data unless that individual has a data decryption key. Alternatively, for devices you can comfortably lock down—servers, fixed-function assets (POS, ATM, and pay-at-the-pump systems, for example), and thin-client or virtualized endpoints—another approach is to use Ivanti Device Control. Device Control helps quickly identify and lock down endpoints to prevent unauthorized use of removable devices and ports, and to prevent unknown apps from being installed and executed—reducing your attack surface exponentially. Device Control also provides audit reports and file shadowing to help organizations monitor corporate data and record each time it’s transferred from a corporate laptop or desktop, providing details like user name, date, time, file names, and file content.

Data Breach

The GDPR mandates that data breaches get reported to regulators in a timely fashion, and in some circumstances to those impacted as well. This means organizations will need a solution that detects and defends against today’s sophisticated cyber threats, most of which are client-side and initiated by the end user. They’re threats that are already past firewalls, and it’s very difficult for AV solutions to be 100 percent effective against newly emerging malware when they rely on known signatures.

What tools are effective today? Make sure you have solid endpoint security controls in place for discovering rogue devices; reducing the attack surface with solutions like Ivanti Patch for Windows, which offers the largest third-party patching catalog in the industry, and Ivanti Application Control with its Trusted Ownership feature for simplifying application whitelisting; and as noted above, locking down devices where possible.