Building a GDPR Framework for the Future

Are Businesses Ready for GDPR?

A May 2018 report by a leading IT research organization found that only 36% of organizations expected to be fully compliant with the General Data Protection Regulation (GDPR) by its May 25 deadline. Nearly 20% hadn’t even begun preparations.

The GDPR, which intends to improve data privacy for data subjects from the European Union (EU), has changed the way data is administered on a worldwide scale. It requires re-examinations of how data security, privacy, and compliance are administered by corporations around the globe.

The New Yorker calls the GDPR “the most contested law in the E.U.’s history.” Enforcement of the regulation is expected to be exceptionally disruptive across all industries. Failing to comply can result in fines of up to 20 million euros or 4% of annual turnover. However, as long as a business can show a genuine effort toward compliance, fines of this size are unlikely to be levied in practice.

Even so, businesses need to keep making efforts toward attaining compliance with the GDPR far beyond the May 25 enforcement date.

Designing a GDPR Framework

How can businesses build a comprehensive GDPR framework?

First: develop a holistic approach to prepare for and meet GDPR requirements. The framework should outline requirements around privacy (the controls within an organization regarding how personal or regulated information is collected, used, and shared) and security (the technical safeguards to ensure data confidentiality, integrity, and availability). Identifying a framework to follow is a critical element of preparedness, and should span five phases: assessment, design, transformation, operation and conformity.

Second: think big, start small, and deliver fast. Utilizing software-as-a-service (SaaS) offerings lets teams start taking on the steps in the GDPR framework right away.

SaaS offerings can map to the first step in the GDPR framework by helping organizations efficiently assess the security and compliance risks associated with GDPR personal data. This helps create a prioritized action plan. You can then pinpoint the databases that are at greatest risk, whether they are on-premises or in the cloud, and take the necessary steps to secure them.

The right approach lets your team prioritize the databases that contain the largest amount of the most sensitive data. Features to look for include database connection encryption, advanced classification and risk assessment profiles, sorting and filtering measures, and tools that allow insight for reporting purposes. SaaS offerings like these must be designed from the ground up for assessing and managing sensitive data.
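The assessment step described above, ranking databases by how much of the most sensitive data they hold and by which safeguards are missing, can be expressed as a small scoring routine. The following is an added illustration, not code from any SaaS product or from the author: the data-class weights, the volume tiers, the 1.5x penalty per missing control, and the four-database inventory are all constructed for this example.

```python
from dataclasses import dataclass

# Sensitivity weight per data class. These values are assumed for this
# example; an organisation would set them in its own classification policy.
SENSITIVITY = {
    "special_category": 10,   # GDPR Art. 9 data: health, biometric, etc.
    "financial": 6,
    "contact": 3,
    "none": 0,
}


@dataclass
class Database:
    name: str
    location: str             # "on-premises" or "cloud"
    records: int              # approximate number of data-subject rows
    data_classes: list        # classes reported by the classification scan
    tls_enforced: bool        # client connections must use TLS
    encrypted_at_rest: bool


def volume_tier(records: int) -> int:
    """Coarse volume bucket so a handful of test rows cannot outrank a production store."""
    if records >= 1_000_000:
        return 3
    if records >= 10_000:
        return 2
    return 1 if records > 0 else 0


def findings(db: Database) -> list:
    """Human-readable gaps that a remediation ticket for this database would carry."""
    gaps = []
    if not db.tls_enforced:
        gaps.append("connection encryption (TLS) not enforced")
    if not db.encrypted_at_rest:
        gaps.append("no encryption at rest")
    if "special_category" in db.data_classes:
        gaps.append("special-category (Art. 9) data present")
    return gaps


def risk_score(db: Database) -> float:
    """Most sensitive class present x volume tier, inflated 1.5x per missing control."""
    sensitivity = max((SENSITIVITY.get(c, 0) for c in db.data_classes), default=0)
    score = float(sensitivity * volume_tier(db.records))
    if not db.tls_enforced:
        score *= 1.5
    if not db.encrypted_at_rest:
        score *= 1.5
    return score


def prioritize(inventory: list) -> list:
    """Return (name, score, gaps) tuples, highest risk first: the prioritized action plan."""
    ranked = [(db.name, risk_score(db), findings(db)) for db in inventory]
    ranked.sort(key=lambda row: row[1], reverse=True)
    return ranked


# Constructed inventory for the example; these are not real systems.
SAMPLE_INVENTORY = [
    Database("crm-eu", "cloud", 2_000_000, ["contact"], True, True),
    Database("hr-payroll", "on-premises", 12_000,
             ["special_category", "financial", "contact"], False, True),
    Database("analytics-staging", "cloud", 1_500_000,
             ["contact", "financial"], False, False),
    Database("build-metrics", "cloud", 10_000_000, ["none"], True, False),
]

if __name__ == "__main__":
    for name, score, gaps in prioritize(SAMPLE_INVENTORY):
        print(f"{score:6.1f}  {name:20s}  {'; '.join(gaps) or 'no gaps found'}")
```

Note that the store holding no personal data scores zero regardless of its size or missing encryption, while the mid-sized payroll database outranks the much larger CRM because it holds special-category data over an unencrypted connection; that is the ordering the text's "largest amount of the most sensitive data" rule is meant to produce.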

GDPR into the Future

Even though we’re now past the May 2018 enforcement date, businesses must keep pushing their personal data protection strategies forward to remain compliant and maintain customers’ trust in their commitment to data security.

And the GDPR may only be the first step in the process. The regulation stands as an opportunity to change how we think about and manage data all over the world. With the protection and trust that the GDPR offers, customers are proving more comfortable than ever before with how corporations manage their data. This promises to open new doors in customer-business relationships that may unlock entirely new business models. By bringing your data protection posture up to grade, your organization can be at the forefront of whatever benefits the future brings.


About the Author


Jeff Quinlan

North American Security Sales Leader

A cyber security veteran, Jeff Quinlan has been deeply involved in delivering enterprise security solutions to many of the largest financial services providers in North America for the past 15 years.