GDPR is designed to harmonize data privacy laws across Europe and applies to any organization operating in the EU, as well as organizations outside the EU that offer goods or services in the EU. That means most major corporations are affected.
After years of nonexistent or belated disclosure of breaches, stolen identities and negligent data handling, businesses are now mandated to align their data protection strategies with the GDPR framework and do what they can to avoid the hefty fines associated with non-compliance. With unprecedented requirements such as the 72-hour notification of a breach, upholding security standards is now a company-wide issue.
"GDPR’s impact on the security ecosystem," presented at ISC West, provides a good overview of the scope and solution set required for effective GDPR compliance.
In addition to complying with regulation, GDPR could serve as a catalyst for security professionals to get ahead of the curve as businesses continue their massive digital transformation and makeover.
Security leaders and professionals can take the lead on:
- How to bring together policies, plans, people and processes to ensure continued GDPR compliance.
- How to identify gaps and prioritize intervention and investments.
- How to use GDPR as a continuous improvement tool and take leadership in addressing broader security issues in the distributed IoT environment. For instance, actively seeking visibility into and developing an understanding of data flows and patterns could help security professionals create a layered security strategy, and include appropriate response and recovery options to mitigate dynamic risks.