General Data Protection Regulation (GDPR)

 

The General Data Protection Regulation will come into effect May of 2018. Whether an organization resides in the EU or merely transmits EU citizen data, global companies are working frantically to comply with the sweeping regulation. Adding to the complication, GDPR effects departments across the enterprise – legal, IT and security – leading to the need to work cross-functionally across the organization.

GDPR outlines the following cyber security requirements:

  • Defines lawfulness of processing data to include consent by data subjects, privacy by designing, the right to be forgotten and data portability requirements
  • Outlines responsibilities of controllers and processors
  • Requires Privacy Impact Assessment and appointment of a data protection officer
  • Enforces strict breach notification requirements

 

This regulation is unprecedented, and it is imperative your organization develop a plan for execution to include people, process and technology. Your security department should assess itself across the six key security components of GDPR and develop a business aligned plan in conjunction with the IT and legal teams.

 

  • Data Governance – Understand GDPR regulations as it relates to the business and then activate a plan to meet those obligations.
  • Data Classification - Analyze what data within the environment is relevant to GDPR and develop proper classification scheme for ongoing data management.
  • Data Discovery - Determine where sensitive data is stored across your environment and set up policies and procedures to manage it.
  • Data Access - Recognize who has access to data and set up policies and procedures for access management and governance.
  • Data Handling - Prepare for the chance of an incident, ensure that plans are in place to meet GDPR obligations regarding the handling of sensitive information.
  • Data Protection - Plan, build and run an appropriate security program for the protection of sensitive information.

Why Ascend?

Ascend has the proven ability to look at your organization's security and privacy program holistically. Our goal is to help your business evolve and improve your security program, and as a result, meet GDPR requirements, not the other way around. Ascend can help your organization to not only create a plan, but execute and maintain that plan to include people, process and technology. If you are just getting started or already executing to a GDPR roadmap, Ascend provides solutions to reach GDPR compliance without the noise.