GDPR Compliance In The New Age Of Data Consciousness

Elite CIOs, CTOs & execs offer firsthand insights on tech & business. Opinions expressed by Forbes Contributors are their own.

Post written by

Richard Henderson

As Absolute’s Global Security Strategist, I am responsible for trend-spotting, industry-watching and idea-creating.


With recent conversations and events propelling privacy and data regulation concerns to the forefront, major U.S. tech companies are taking a moment to rethink and reassess how they handle customer data. In recent weeks, you’ve likely received emails and notifications from your apps and web services informing you of updated terms of service, almost all due to the full enactment of the European Union’s General Data Protection Regulation (GDPR). Tens of thousands of businesses and organizations around the globe rapidly prepared for the May 25 deadline, and many major web properties and businesses such as Twitter even sent out updated policies in order to comply with GDPR.

Even though companies have had more than two years to prepare for this legislation, a recent study from the International Association of Privacy Professionals (IAPP) shows that 40% of companies are still behind schedule and expect to achieve compliance only now that the deadline has passed. And while many EU member states have publicly stated that they may lack the resources to enforce GDPR, failure to comply can result in fines reaching up to 4% of global annual revenues or €20 million, whichever is higher.

If your company is struggling to achieve compliance or doesn’t know where to start, follow these tips to build an effective GDPR compliance action plan:

Gain visibility.

You can’t protect what you can’t see. This advice sounds basic, but most companies have limited visibility into the complex web of millions of endpoints connecting to their network. Workers in today’s globalized economy are always on the go with laptops, mobile devices and tablets in tow, accessing sensitive company data wherever they happen to be. In fact, a recent Ponemon Institute survey found that 55% of vulnerable endpoints also contain sensitive data. From a compliance standpoint, that’s an astounding and panic-inducing statistic. Adaptiva’s 2017 Enterprise Endpoint Security Survey also found that 55% of participants believe security policy compliance checks should be run daily on every endpoint across the company. However, many companies lack the resources for this level of security. It’s essential for organizations building GDPR compliance strategies to not just focus on their core server infrastructure but also to identify and monitor their endpoints. A Clutch study revealed that while 64% of employees use company-approved devices, only 40% are subject to rules governing the use of personal devices for work purposes. There is a significant amount of customer data floating around your network, and that means a single lost, stolen or compromised device could cause your organization a lot of pain.

Evaluate the situation.

Once visibility is established and you have a better idea of where your data (and your customers’ data) is, it’s time to evaluate your current security baselines. Take the time to understand exactly what controls are in place on your assets, what software and operating systems are running on those devices, what their current patch levels are and, perhaps most importantly, what specific protections are in place to protect the data on those devices. Full-disk encryption is no longer a “nice to have” on your devices, and arguments against it don’t hold the weight they used to. We know from the same Ponemon study that 23% of endpoints currently exist in an unpatched state, and 36% of enterprises can’t prove compliance. It’s critical for organizations to conduct these internal audits so they can develop efficient incident and data breach response procedures.
