In this SC Magazine article, Code42’s Andy Hardy advises CISOs and CIOs to get ahead of GDPR with smart data protection tools.
By the end of 2015, it is likely that the European Union (EU) will be subject to the new General Data Protection Regulation (GDPR). GDPR replaces a patchwork of privacy directives with data privacy uniformity across the 28 European Union member states, a one-stop shop for compliance, and higher penalties to encourage adherence. The regulation also extends to organizations based outside the EU if they process the personal data of EU citizens.
Effects of the GDPR on EU and US companies
The GDPR will affect how personal data is handled and stored. Should a breach occur, the European Data Protection Board will evaluate whether the company has been negligent in its data protection operations and determine the level of compensation the company must pay affected parties—which can reach €100m or a fine of between 2 and 5 percent of its global turnover.
Today, each EU country has its own rules regarding data security. The general consensus regarding the shift to GDPR is that it will amalgamate and enforce stricter rules. Moreover, its authority will extend beyond the data center to the information stored and handled on the endpoint (laptops and desktops). Therefore, pre-empting the GDPR changes by protecting data on endpoints—now rather than later—is key.
For European organizations using American cloud stores, there is additional incentive to redefine data protection strategies. Under US security legislation, agencies such as the NSA can request access to data held beyond US borders. While a company may have nothing to hide, sensitive corporate data, around which competitive advantages are built, may be open to scrutiny. For many chief information security officers (CISOs) this is an unsettling thought.
Acting early to prevent GDPR sanctions
Finding and implementing the right data protection strategy is critical. CISOs should focus on quick and sustainable ways of countering the obvious threats and on building a better overall data protection practice within their organizations. The easiest way to do this is by focusing on endpoint data protection. By joining forces with a security vendor that understands internal and external risks, including the risk of unprotected data on endpoints, CISOs will be in the best possible position to defend their businesses against future legislative fallout.
CISOs should select vendors centered on safeguards such as adequate encryption, system visibility and intelligent tracking of all endpoint data. These attributes enable faster breach remediation and the ability to track the movement of and access to data effectively—an important advantage given the number of people and devices accessing potentially sensitive corporate information.
Ensuring the appropriate endpoint data precautions are taken now should be a high priority for any CISO, CIO and company in this time of transition. Such precaution will allow an organization to gain complete control of its own information, and it will ensure that the CIO's focus stays on increasing profit and expanding technological reach, rather than on worrying about the safety of the ones and zeroes.
Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.
Contributed by Andy Hardy.