In less than two weeks(!!!), your organization must have in place General Data Protection Regulation (GDPR) procedures and practices, especially if you do business in Europe. Or with their citizens while they are in the United States.
While the legislation isn’t complicated, the process to fulfill it can be, particularly for emerging, global businesses.
Here is a summation of GDPR, the results of a recent survey and a major risk when it comes to compliance.
GDPR Main Points
This European Union (E.U.) legislation was approved in April 2016 and replaces a previous data protection directive. It provides sweeping personal privacy control for the citizens of the twenty-eight nation EU. and Britain (who at the time was in the Union).
Consent verbiage about the use of personal data must be easy to understand and it must be equally easy to withdraw consent for this use at any time.
Organizations must notify regulatory institutions within 72 hours of a known breach.
If a company or organization violates the law, they will pay 4% of a company’s annual global turnover or $24.6 million, whichever is greater.
Survey Spells Out No Surprises
According to a recent HelpNetSecurity survey of U.S. Information Technology Decision Makers:
- 73% believe GDPR will change the way their business will operate
- 62% describe themselves as confidently prepared for GDPR
- 51% said they have all the systems in place to remove EU citizen requested personal data, including to the backup level
- 49% admitted they are continuously conducting security audits of data storage locations
- 48% are concerned about data that is gathered through geofencing and the ability to control it
- 20% of the companies represented lack continuous encryption of personal information, both on the cloud and within on-premise servers
Risk of Dwell Time
Hackers are becoming savvier. They are using tools and processes that lengthens the time they go undetected roaming around your network of servers and systems, which may amount to day, weeks or months.
While this is disturbing in and of itself, it’s also problematic when it comes to GDPR. 34% of the IT Decision Makers from the above survey lack confidence their system would automatically identify a breach event.
Security controls, including honeypots and decoy systems, are being deployed on a regular basis to lure unwanted tenants into areas that can be closely monitored. An added benefit of this process is the ability to understand attack paths and fix those vulnerable pathways.
Shellproof Security Can Help with GDPR
We bring cybersecurity solutions to small and mid-sized business around the country.
We know a single breach of your data can be enough to put you out of business. We can provide you with the resources, procedures and training to adequately protect against the toughest cyber foes.
Give us a call at 212-887-1600 to start the conversation about our protection process!