After several years in the making and a tidal wave of press coverage, the long-awaited EU General Data Protection Regulation (GDPR) finally came into force on May 25. And we’re all still here. But even if you still haven’t got your compliance house in order, it’s not too late.
Many IT and business leaders view the GDPR as the “Everest” of regulatory frameworks; a compliance mountain they simply cannot climb.
Our advice is: don’t panic. There’s still time to prove to regulators that you’re on the right path. For those who need some inspiration, just think back to Eric Moussambani and his amazing feat at the Sydney Olympics. If “Eric the Eel” can beat the odds, so can you!
Yes You Can
Moussambani shot to fame in the 2000 Summer Olympics after he managed to win his heat despite having never before seen a 50-meter long Olympic-size swimming pool. In fact, he only took up swimming eight months before the Games and practiced in a lake and a 12m hotel pool he had access to for just an hour a day. Eric the Eel’s performance for his native Equatorial Guinea shows that perseverance, determination and self-belief are virtues that can overturn even the longest odds.
Many of you may be thinking the odds are also against you as you try to get ready for the GDPR. At first glance it certainly appears a daunting task. The GDPR is a long, complex piece of legislation which may demand a new approach to processing and protecting data on your customers and employees. It introduces sweeping new rights for consumers and obligations for organizations. As if that weren’t enough, rumours have been swirling ever since the deadline date was announced that regulators will look to make an example out of some companies with multi-million-dollar fines early on.
Well, the first thing to note is that isn’t going to happen. The UK’s Information Commissioner’s Office (ICO), which was instrumental in helping to draft the law, has urged organizations not to believe such scaremongering. In fact, it says: “GDPR compliance will be an ongoing journey.” That means even if you have just made a start by the end of May, it will be looked upon favorably. Keep the watchwords of “accountability” and “transparency” in mind at all times, and you won’t go too far wrong. That means building an organization-wide culture which takes data protection and consumer rights seriously, training up staff, and most importantly understanding what data you hold and putting effective security controls in place to protect it.
How Safe-T Can Help
That said, the ICO has also warned that there will be “no grace period” following May 25. So, what can you do to beat those odds and kickstart your compliance journey?
The GDPR is very much a process-driven piece of legislation, which means few technologies are explicitly listed, aside from encryption. If there were, it would be much harder to future-proof the new law. The good news is that Safe-T’s Secure File and Email Access technologies offer a solid foundation on which to build your compliance efforts.
Safe-T’s Software Defined Perimeter renders data invisible to unauthorized users, thus protecting organizations from compromise associated with external attacks and internal threats. Once user and device are authenticated, only that user is granted access to the requested data. This alone will go a long way to meeting GDPR requirements around the protection of key data.
But at a more granular level, multiple features also support various GDPR stipulations:
- Encryption: Is the only technology explicitly referenced in the legislation, alongside pseudonymization. Safe-T ensures all User ID, credentials and passwords are encrypted.
- Data minimization: Is a key principle of the GDPR. If you don’t need it, don’t store it. Safe-T SMTR allows data which is no longer required to be deleted from the Exchange Server.
- Restrictions on data use: By default, only data which is necessary for each specific purpose of processing should be processed, according to the GDPR. With Safe-T, the data controller can limit access to databases and files via authentication with credentials.
- Incident response: The GDPR calls for communication of any breach to regulator and individual “without delay” in serious circumstances. Safe-T reporting and audit logs support fast action.
- Third Parties: Data can be transferred to countries outside the EU only if the controller has put in place “appropriate safeguards”. Safe-T integrates with third-party AV, DLP, digital signage and more to facilitate these controls.
To find out more on how we can help you beat the odds and accelerate compliance, take a look at our new Safe-T GDPR matrix.
Remember, the GDPR will not respond to a check-box compliance strategy. A successful approach should enable you to drive growth and competitive differentiation off the back of improved data protection and closer bonds of trust with your customers.