The world didn’t come to an end on May 25 but already, some companies are feeling the heat after GDPR enforcement came into full force last week. Take note of the recent complaints – if you’re doing business in the EU, it’s time to change the way you do things or risk paying the price.
GDPR impacts your marketing, advertising, human resources and a wide-reaching set of business practices. Have you either hired or appointed a Data Privacy Officer? Someone, or a team of people, within your organization must have compliance expertise to inform you of your GDPR obligations and serve as the liaison with the supervising authority.
Next, have you located the personally identifiable information (PII) across your organization that GDPR now requires you protect? Identifying the data sets held by your organization isn’t always as straight forward as it sounds. For example, a Social Security Number in the U.S. is considered a Social Insurance Number in Canada. A Personal ID Number used in Norway, Finland and Sweden is called a Tax Code ID in Italy and a DNI Number in Spain. Locating the pertinent information means knowing just what to look for. You’ll also need to identify your legal basis for processing such data and what those processing activities entail.
Most of us realize a security incident is more of a question of when rather than if. In that case, GDPR has placed strict guidelines on your response as well. The breach notification window for organizations doing business with EU citizens is now 72 hours. You have a few options here but let’s start with the most obvious. How can you confirm there’s actually been a breach? When devices go rogue for example, that doesn’t always mean they have been stolen and/or breached? How can you figure it out quickly and still get the notification, where applicable, out in time to be in compliance?
Absolute Can Help
Though important and necessary, the requirements of GDPR are of course challenging for organizations of all sizes, in every industry. Knowing this, we have rolled out some important new features in the Absolute platform to assist with meeting these and other compliance mandates. New capabilities include EU-specific lexicons built into the platform along with a customizable expression set. Now it’s easier to find what you need to secure.
We’ve also created a new Risk Analysis option that will allow users to trigger investigations into their devices without having to go through the process of filing a police report. Yes, a complete incident response plan remains critical to ensure a fast notification turnaround in the event of a breach, but how can you speed up the confirmation time? This new Absolute platform feature provides you with a detailed report on what actually happened, fast along with a recommended course of action from a security expert.
Maybe you haven’t gotten far enough in ensuring your organization is compliant. To quantify the extent of what could be a dark endpoint problem, get started with our free GDPR Data Risk Assessment.