Enterprise Technologies That Tame GDPR Compliance

Posted on: Monday, January 22nd, 2018

Experts discuss the IT solutions that help businesses meet the EU’s tough new data privacy regulation.

In roughly four months, the European Union’s (EU) General Data Protection Regulation, or GDPR for short, goes into effect. Businesses that aren’t prepared for the May 25— many of them weren’t as of last summer’s VMworld 2017 conference in Las Vegas—are in for a rude awakening if they mismanage the data belonging to users in the EU.

The stringent new rules on user data privacy and security not only apply to EU-based organizations, but also companies that do business in the region, which describes countless web applications and online services with European customers. Penalties for mishandling user data can reach as high as four percent of an organization’s global annual revenue.

After settling on a GDPR compliance strategy, it’s time to look for technology vendors and software solutions that are up to the challenge. Here’s some advice on the what to look out for while assessing your organization’s GDPR readiness and evaluating products that can help.

Automated Data Protection Processes

When it comes to meeting GDPR security requirements, Bogdan “Bob” Botezatu senior security threat analyst at Bitdefender, said it’s time to pawn off the manual labor to machines.

“Use a solution that automates manual data protection processes and offers better visibility of data flowing in and out of your company. Your solution of choice should also be a layered one that yields protection against data loss, data theft (including targeted attacks) and offers enhanced visibility into data breaches,” advised Botezatu.

For effective GDPR compliance, IT and business leaders should be prepared to set new security standards for their organizations, perhaps a high one.

“Define procedural and technological controls you deem sufficient to protect personal data. Pay special attention to securing unstructured data e.g. by encrypting it,” added Botezatu.

When it comes time to implementing GDPR-friendly processes and IT solutions, it’s up to data protection officers ensure that they all work in tandem to safeguard user data.

“Data governance should be a result of business functions cooperating with teams focused on information, data, and security architecture,” Botezatu said. “The best leader to facilitate this is the Data Protection Officer. When choosing technical and procedural controls special attention should be paid to the products and services that improve data security posture.”

Managed File Transfer

Peter Merkulov, chief technology officer of GlobalSCAPE, a secure data integration and movement software provider, also advocates the use of data protection software. Another good idea is to explore the world of governance, risk and compliance technology (GRC) services and reporting tools.

There’s also a lot to be said about managed file transfer (MFT) solutions that ensure the secure collection, movement and eventual usage of sensitive personally identifiable data.

“What makes something like MFT a good fit to achieve compliance mandates is that it provides organizations with a holistic view of their data movement processes. It is essentially one, centralized hub that customers can use to build the process that takes care of everything, from movement, to storage, to processing sensitive information at all points of an organization,” Merkulov said. “MFT provides clear visibility into data flow, whereas if you use separate technologies or tools they would only really give a partial picture of the process and can make compliance much harder to achieve for that reason.”

Security-enhancing capabilities to look for in an MFT solution include data encryption, access rights management and a full audit trails, Merkulov said.

Data Mapping

The new compliance rules established by GDPR can punishing to organizations less than exacting data management practices. Data mapping solutions can help eliminate potentially costly blind spots, says Darren Abernethy, senior global privacy manager at TrustArc.

“A large part of the new GDPR accountability regime is being able to justify the type and scope of data that is being collected, and to demonstrate compliance in a timely manner,” explained Abernethy. “Using technology solutions that facilitate data mapping allows companies to know exactly what data they’re collecting, where it’s being stored, and who has access to it.

“It also helps organizations understand where they are acting as a data controller versus a data processor, and thus which additional obligations may apply based on sensitivity, geography or other factor,” Abernethy added.

Privacy Impact Assessments

Under GDPR, it’s not enough to take user privacy seriously. Organizations must also weigh the potential impact their business decisions will have on their users’ data privacy.

Abernethy suggests investigating solutions that enable businesses to conduct privacy assessments that clue companies into potential trouble, preventing a tussle with regulators down the line.

“Businesses must understand the privacy risks that can result from new product launches, geographic expansions and mergers and acquisition activity. To do this, companies are looking to tools deployable across the organization that help identify high-risk data being collected as it pertains to new regulations, and create an audit trail to show they have thought through privacy issues proactively with multiple stakeholders,” Abernethy said.

“Companies can then assess where they have gaps in compliance efforts and the steps involved to remediate any areas of concern,” he added.

Individual Rights Compliance

Weighing a privacy management solution? Don’t neglect the fact that GDPR grants users rights over how businesses use their data, reminded Abernethy.

“GDPR Articles 15-23 on ‘individual rights’ require companies to provide customers the right to access their data, the right to restrict or object to the processing of their data, and the right to data portability,” he said. “The use of technology solutions that are able to create custom individual rights request forms and provide notifications and automated reporting will help companies meet individual rights requirements without interfering with their business model.”

And businesses don’t want to be caught dragging their feet after a user request is submitted.

“These tools, when combined with data mapping, allow companies to quickly identify the storage location(s) of the data requested by customers and fill that request within the required timeframe of 30 days,” said Abernethy.

By Pedro Hernandez, Posted January 19, 2018

Source: https://www.esecurityplanet.com/network-security/enterprise-technologies-that-tame-gdpr-compliance.html

Contact Us

AID Compliance Ltd.
106, Cospicua Road,
Paola, PLA 1902
Malta
+356 2149 9454
+356 9985 7158

Alternatively, please fill in the form below to get in touch with us.

Why AID Compliance?

What makes us different?

When someone asks, “What’s different about AID Compliance?”, the answer resides in our experienced professionals who are innovative and constantly involved in bringing fresh ideas. Ongoing training and education is one of the pillars of AID Compliance’s service to our clients. Our staff successfully implements effective compliance solutions tailored to each client’s needs.

Our one-stop-shop provides all the relevant services under one roof. Due to this structure, clients save time and effort and queries will be dealt with promptly. Any essential points can often be discussed in a more time-saving manner for the client as many material facts are already known to us through our ongoing advisory work.

Getting compliance right is important for all businesses. We know and understand the challenges you face.

Read More

Latest News

Let us keep you informed with our latest company updates, industry news, local and foreign articles.

IMF chief: Cryptocurrency regulation is ‘inevitable’
Monday, February 12th, 2018
IMF

DUBAI (CNNMoney) - IMF chief Christine Lagarde says it's only a matter of time before cryptocurrencies come under government regulation. "It's inevitable," she told CNNMoney emerging markets editor John Defterios. "It's clearly a domain where we need international regulation and ...read more »

Join us for a Training Event
Thursday, January 18th, 2018

  AML & CFT TRAINING PERSPECTIVE FOR CSPs & TRUSTEES     TOPICS COVERED: RISK APPROACH FOR CSPs AND TRUSTEES AND BENEFICIAL OWNERS’ DATABASE   The 4th AML Directive imposes requirements on Subject Persons to adopt a fully integrated Risk Approach. ...read more »

Let's keep in touch

Enter your details below and stay informed with the latest industry news, articles as well as useful information.

We will not spam your email or sell your data to other companies. You may also unsubscribe at any time.


FInance Malta
AID Compliance Ltd.
106, Cospicua Road,
Paola, PLA 1902
Malta
+356 2149 9454
+356 9985 7158
© Copyright 2017 AID Compliance Ltd.