Authored By: Carl Leonard, Principal Security Analyst, Forcepoint
We are just three months away from the EU GDPR coming into enforcement – news that is likely to set some people’s hearts racing…and not in a good way! But May 25, 2018, is a date we all need to keep close to our hearts.
Let’s be honest with each other, regulation is never something you’re going to fall in love with. However, it is the push we all need to get us to pay attention to what matters most: our data. That data is the lifeblood of your organization, representing the people in your employ that allow the business to thrive and the lives of the customers that your business serves. The high-profile data breaches of 2017 showed us all how vulnerable this data and your people truly are.
The GDPR countdown provides a timely push for all of us to do more to protect the privacy of the people that matter most; it is the perfect opportunity to show them how much you care. After all, by protecting the people you secure the organization.
100 days does not sound like a lot of time, but it’s not too late – most organizations will be well on the way to putting in place the processes and security measures that the regulation requires. 100 days is the perfect opportunity to check your progress and see whether you are on track as you put the last pieces of your strategy in place.
With three months to go, here is a selection of hand-picked reminders as you move towards the end of the GDPR countdown:
- Review the relationships with your suppliers and application providers. Are they protecting the data that you are asking them to process? How will they notify you if they suffer a breach? Consider that your data may be held within a cloud application – you will need to approach your cloud application providers too.
- Consider whether you need to appoint a Data Protection Officer, or a DPO. This person will take responsibility for data protection compliance in your organization.
- Consider how you might inventory your data. You may well identify pockets of data that you did not know you had. Consult our guide, “The Need To Inventory Personal Data”, to help identify solutions that will help in this endeavour.
- Evaluate how well you have mapped your data flows. GDPR expects organizations to understand not only where data is stored, but also where data is being used and transmitted. Our helpful “Data Flow Mapping and Control” guide references the regulation text and offers some tips.
- Should the inevitable happen and you need to respond to, and recover from, a breach within tight time constraints, “Detect & Respond to a Data Incident” explains how the NIST framework can point you in the right direction.
These reminders are not exhaustive. Your Supervisory Authority will likely have many guides that you can act upon. The Forcepoint GDPR Resource Pack will also help.
GDPR and regulations like it are a serious business, but that doesn’t mean you should embrace GDPR only because you have to…embrace it because you want to!