Designed to strengthen protection of personal information for all EU citizens, the General Data Protection Regulation – GDPR – goes into effect in May 2018 and may affect companies of all sizes, in all regions, and in all industries, who holds EU citizen personal information. Those who will be victim of a data breach when the GDPR goes into effect risk significant fine (up to Euros 20millions or 4% of their global revenues), and loss of reputation, that could bring the business to its knees.
In September 2016, SonicWall conducted a global survey on the European Union’s new General Data Protection Regulation (GDPR), revealing that organizations ‒ both SMBs and large enterprises ‒ lack general awareness of the requirements of the new regulation, how to prepare for it, and the impact of non-compliance on data security and business outcomes. Survey results show that 82% of global IT and business professionals responsible for data security at both SMBs and enterprises are concerned with GDPR compliance. Although the majority of global IT and business professionals express compliance concerns, respondents lack general awareness of GDPR, and they are neither prepared for it now, nor expect to be when it goes into effect, which is very worrying.
These results are very concerning as we are just 18 months away from the new regulation being implemented.
Don’t wait until it is too late: listen to the recorded webinar that sheds some light on the ins and outs of the new GDPR requirements and how to increase your overall data security posture to minimise the cyber risks and potential financial fines.
I also invite you to engage with a local legal firm who specialises in data security compliance and regulations, like Cordery in the UK, whose GDPR FAQs document is also very informative. Jonathan Armstrong, Partner at Cordery, recently told me:
“GDPR will be a game-changer for corporations. It will mean greater visibility for mistakes, more questions from the board and higher fines. There’s less than 18 months to go – that’s not a lot of time for the fundamental changes some business have to make to the way in which they deal with vendors, they way they train their employees and the technology they use. The time to get ready is now.”
This new regulation provides uniform data protection rights across the EU, and, to be in compliance, both European organizations and those outside of Europe that deal with European citizen personal information must adopt an adaptive, user-centric, layered security model approach around the tenets of prevent, detect, respond and predict.
To be GDPR-compliant and maintain it, you will need to carry regular audits and deploy network security solutions that will enable you to:
Protect the perimeter. Deploy next-generation firewalls to reduce the network’s exposure to cyber threats, mitigate the risk of data leaks that could lead to a data breach resulting in stiff penalties assessed under GDPR, and deliver the forensic insight required to prove compliance and execute appropriate remediation following a breach. The SonicWall next-generation firewalls protect against emerging threats and feature deep packet inspection; real-time decryption and inspection of SSL sessions; adaptive, multi-engine sandboxing; and full control and visualization of applications.
Facilitate secure mobile access. Foster the secure flow of covered data while enabling employees to access the corporate applications and data they need in the way they prefer, and with the devices they choose. Enhance data security (while removing access obstructions) by combining identity components, device variables and temporal factors (time, location, etc.) to deliver an adaptive, risk-based approach that ensures the right access all the time, every time, while concurrently improving data protection and GDPR compliance.
Ensure email security. To fulfill GDPR requirements, achieve full control and visibility over email activity to mitigate the threat of phishing and other email-based attacks on protected information, while enabling the secure and compliant exchange of sensitive and confidential data.
IDC is advising companies to not put off early consideration of GDPR. The scale, complexity, cost and business criticality of GDPR means that it will take (at least) two years for most companies to achieve full compliance. Most companies of all sizes need to start now.