Ongoing digital transformation has carried us right into the data-centric age: personal data is everywhere. Data subjects do not always realize how their data is handled, or who has access to it. What is even worse, organizations are sometimes careless about how they handle this data – and how they bring it online. That creates a surge of opportunities for data hunters of all kinds. The EU General Data Protection Regulation is an attempt to address those problems.
What GDPR is, and how it will help
GDPR suggests an ongoing process focused on ensuring that data subjects have real control over their personally identifiable information – and ensuring companies use it lawfully and handle it securely. It helps give both data controllers and data processors a clearer understanding of their responsibilities.
This regulation is about ensuring that the processes and technologies used for personal data safekeeping follow the Regulation and are effectively implemented. Therefore, compliance is not a one-time task, something that is simply accomplished; you will need to assess and adjust regularly. Compliance lies not just in following the letter of the law but also in taking a practical approach to ensuring data security – which you can accomplish by continuously tuning your processes and countermeasures.
What you can do
Of course, implementing effective cybersecurity technologies does not equal GDPR compliance. However, cybersecurity is among the cornerstones on which this compliance is built. We have some practical advice on how to strengthen it.
- Start your protection with endpoints (including keeping track of mobile ones); they are likely points of entry for cybercriminals, which can pose a risk even if the endpoints are not directly involved in personal data processing.
- Use encryption to protect data at rest — and in motion! Ensure the security of your regulated data storage.
- Add layers of protection to your gateway and e-mail server to counter the “human factor” to reduce risk.
- Regularly check your infrastructure for weaknesses before someone else has a chance to find them. Perform penetration tests and security assessments.
- Know what is happening in your infrastructure. In the event of a breach, your ability to establish the cause may help mitigate other, future risks and demonstrate that you made reasonable efforts to protect data.
(From Kaspersky blog).