HOME
NEWS

GDPR: Navigating Compliance Complexity


By VARINDIA - 2017-12-10
GDPR: Navigating Compliance Complexity

Organizations are now coming to terms with the fact that complying with the EU GDPR is a necessity for business success. With data privacy recognized as a fundamental human right, GDPR ensures that businesses are putting protections in place to safeguard data, regardless of where it resides. Taking care of the following requirements will help businesses to navigate the regulatory requirements of GDPR:

 

1. Double-check the data trail across networks and within the organization

 

In other words, perform a risk assessment. Data flows across endpoints into the data center and up to the cloud, but certain risks are introduced when data flows so effortlessly between users and automated systems. Organizations need to be confident that customer records and organizational data is secure whenever or wherever it is being transported or stored. Servers, desktops, laptops, USBs and other removable media devices used by staff often contain highly-sensitive client information. Unfortunately, losing this data could put the employee, client, company or individual at both financial and reputational risk.

 

2. Apply data minimization rules for fulfilling business purpose

 

“We never throw away data,” said Jeff Bezos of Amazon, simply because one may never know when it would become useful. But times are changing, and GDPR is forcing businesses to look towards creating value with ”less is more” approach. It is important that a business analyst defines the parameters of data requirement and collection, because GDPR requires that data storage and use be limited only to what is necessary. The view that bigger is better no longer applies. With Big Data, the Cloud and IoT presenting an exponentially large surface area for hacks, attacks, loss and theft, data hoarding no longer presents a viable business case. Mechanisms to securely erase and limit data not only help to reduce risk, but also cut costs associated with data storage.

 

3. Educate staff on data privacy, security, and risk

 

Studies have shown that the more educated and engaged employees and clients are, the more successful an organization`s data security efforts become. Education and training is one of the top concerns of the information security industry, and it will be the primary focus of organizations in the next two years. According to a 2016 Data Breach Investigations Report by Verizon, about 63 percent of confirmed data breaches were password related, although other security mistakes by staff remained high. Of course, organizations face an uphill struggle to make their security awareness training programs work. This is because they treat security awareness training programs as an event rather than a continuous program that adapts to the risks that employees face.

 

4. Have a mechanism to allow EU residents exercise their rights

 

Under the EU GDPR regime, citizens have the right to access data, to rectify or erase data, to restrict data processing, to move their data and to object to data processing. Organizations must have a mechanism in place to respond to and act on these requests without delay. The mechanism should also include processes to ensure that consent is both voluntary and explicit with regard to the scope and consequences of data usage.

 

5. Be prepared to demonstrate your policies, processes and safeguards

 

Organizations regularly use and reuse multiple data sets, and process a large number of data. They must have in place effective safeguards, controls and oversights to demonstrate the protection of persona data. They also need to have a designated Data Protection Officer on board to monitor compliance and be a single point of contact both within and outside of the organization. The officer, in effect, should oversee measures to safeguard personal data and minimize data collection, processing, and storage. It would also be prudent to have a regular review of the data handling mechanism by a governing group consisting of IT, security, business managers, legal, HR, and some key executives. Regular reviews will help in identifying emerging gaps or predicting pitfalls in the process.

 

6. Set up an emergency response and notification mechanism

 

The upper time limit for notifying a breach is 72 hours. Depending on the severity of the breach, you may have to notify all affected individuals and concerned authorities. Remember, 72 hours is not a long time; therefore, it is critical for enterprises to have their systems and processes aligned, and have safeguards in place to mitigate damages, including encryption. GDPR's severe penalty for a breach due to noncompliance is widely talked about. However, by having in place a robust encryption system; organizations can save themselves from much of the post-breach compliance regulation.

 

Remember, choosing the right data protection technology is an important consideration. Organizations need to have effective data security stacks that include deception technologies, reach detection solutions and robust encryption and key management tools to protect data wherever it resides, whether it be on endpoints, across the datacentre or in the cloud. They should also apply techniques like anonymization and pseudonymization to minimize the amount of data that can be accessed.

 

Rahul Kumar
Country Manager, WinMagic

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Zscaler announces AI innovations to its Data Protection Platform
Technology

Zscaler announces AI innovations to its Data Protection Platform

by VARINDIA 2024-05-20
SHIELD to enhance Swiggy’s fraud prevention and detection capabilities
Technology

SHIELD to enhance Swiggy’s fraud prevention and detection capabilities

by VARINDIA 2024-05-20
Axis Communications announces its first thermometric camera designed for Zone/Division 2
Technology

Axis Communications announces its first thermometric camera designed for Zone/Division 2

by VARINDIA 2024-05-20
SOFTWARE
View All
Hitachi Vantara and Veeam announce Global Strategic Alliance
Technology

Hitachi Vantara and Veeam announce Global Strategic Alliance

by VARINDIA 2024-05-16
Adobe launches Acrobat AI Assistant for the Enterprise
Technology

Adobe launches Acrobat AI Assistant for the Enterprise

by VARINDIA 2024-05-11
Oracle Database 23ai offers the power of AI to Enterprise Data and Applications
Technology

Oracle Database 23ai offers the power of AI to Enterprise Data and Applications

by VARINDIA 2024-05-10
START - UP
View All
Data Subject Access Request is an integrated module within ID-REDACT®
Technology

Data Subject Access Request is an integrated module within ID-REDACT®

by VARINDIA 2024-04-30
SiMa.ai Secures $70M Funds from Maverick Capital
Technology

SiMa.ai Secures $70M Funds from Maverick Capital

by VARINDIA 2024-04-05
Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure
Technology

Sarvam AI collaborates with Microsoft to bring its Indic voice LLM to Azure

by VARINDIA 2024-02-08

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

by VARINDIA
Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

by VARINDIA
Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

by VARINDIA
Start-Up and Unicorn Ecosystem
GoDaddy harnesses AI power for new domain name recommendations

GoDaddy harnesses AI power for new domain name recommendations

by VARINDIA
UAE’s du Telecom selects STL as a strategic fibre partner

UAE’s du Telecom selects STL as a strategic fibre partner

by VARINDIA
JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

JLR and Dassault Systèmes extend partnership for All Vehicle Programs worldwide

by VARINDIA
Rapyder partners with AWS to accelerate Generative AI led innovation

Rapyder partners with AWS to accelerate Generative AI led innovation

by VARINDIA
ManageEngine integrates its SIEM solution with Constella Intelligence

ManageEngine integrates its SIEM solution with Constella Intelligence

by VARINDIA
Elastic replaces traditional SIEM game with AI-driven security analytics

Elastic replaces traditional SIEM game with AI-driven security analytics

by VARINDIA
Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

Infosys and ServiceNow to transform customer experiences with generative AI-powered solutions

by VARINDIA
Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

Crayon Software Experts India inaugurates its ISV Incubation Center in Kolkata

by VARINDIA
Dassault Systèmes to accelerate EV charging infrastructure development in India

Dassault Systèmes to accelerate EV charging infrastructure development in India

by VARINDIA
Tech Mahindra and Atento to deliver GenAI powered business transformation services

Tech Mahindra and Atento to deliver GenAI powered business transformation services

by VARINDIA