The General Data Protection Regulation becomes effective May 25, 2018, barely over a year away. Failing to achieve GDPR compliance will result in hefty fines and penalties for organizations. As a result, companies have been researching and implementing various data protection strategies to ensure compliance. In a webinar, Bloor Research's Senior Security Analyst Fran Howarth explains five important organizational requirements you should implement to achieve compliance. You can watch the full webinar here.
As the GDPR has turned the focus back on data protection and compliance has become the biggest driver in IT security spending, DLP has risen to the top of security initiatives organizations are looking to implement. While the GDPR is not particularly prescriptive in terms of what technologies are required for compliance, here are five things you should implement for GDPR compliance:
1. Protection for Wherever the Data is Located
The most important starting step is to know where data is generated, used, and stored, and the security processes that govern it. Data may be in any number of places, including outside the organization in the hands of outsourcers, in cloud services, and on mobile devices. Because that data may be sensitive, protection needs to cover the network, the endpoint, and the cloud.
2. Integrated DLP Controls
Integrated DLP controls will greatly enhance an organization's data security abilities. Gartner predicts that 90% of organizations will implement at least one form of integrated DLP solution by 2018. A DLP platform that protects data wherever it resides or is used is essential for regulatory compliance and should watch all traffic flows, such as email and web gateways. Consideration should also be given to social media data such as user posts and information published in blogs. Every piece of content generated should be inspected, especially given the expanded definition of personal data under the GDPR.
3. Complementary Security Controls
Security controls need to complement and work with each other to ensure proper data protection as data moves across different devices and platforms. Integrated DLP controls will not work as smoothly without complementary security controls.
4. Centralized Visibility and Management
Centralized management will ensure security policies can be uniformly enforced. Centralized visibility also makes it easier to recover when transgressions occur.
5. A Range of Delivery Options
Because data travels across many platforms and devices, from computers to mobile phones and from social media to the cloud, there needs to be a range of delivery options for your data protection solution. That is why it's important to provide protection on the endpoint, the network, the cloud, and for Windows, Mac, and Linux. A range of delivery options will allow for more complete coverage.