Company Simplifies Adherence to May 2018 Mandate with Easy-to-Follow Guidance
Dataguise announced four steps that enterprises globally can take today to accelerate compliance with the European Union’s General Data Protection Regulation (GDPR). The regulation, which goes into effect May 25, 2018, applies to any entity that controls or processes the personal data of European Union (EU) residents, whether that entity is physically located in the EU or not.
GDPR is the European Union’s most demanding and far-reaching data privacy regulation to date. Organizations in North America and around the world with business operations in the EU now realize that they must adhere to the mandate in order to conduct business in the region. In an effort to stay ahead of the 2018 compliance requirements, many organizations are now seeking effective sensitive data governance strategies that will prepare them for these new restrictions.
To comply with GDPR, enterprises must take a data-centric, process-oriented approach to information privacy that starts with an understanding of the organization’s data landscape:
- The first step any organization must take to prepare for GDPR is to gain clarity on where their sensitive information resides, across every file server, database, and big data repository, both on-premises and in the cloud.
  - Begin with a policy that identifies sensitive data throughout the organization, conducting an initial discovery process to locate telephone numbers, account numbers, salaries, emails and more using automated technology to catalog what is known and unknown.
  - Perform an audit of the sensitive data that has been discovered to determine the next steps in terms of which data should be encrypted, masked, etc. Understand what data can be posted on the Web versus what must be kept within the walls of the organization.
- Put in place the appropriate sensitive data protection controls to guard against external and insider threats.
  - Insiders know where the data crown jewels are located. Therefore, administrators must make decisions on the data that both insiders and outsiders can view. Data-centric masking is one way to transform the data in a way that permanently disassociates sensitive information from the data presented. Alternatively, data-centric encryption provides a two-way protective process that allows data to be encrypted and decrypted by those with authorized access.
- Fully automate processes for sensitive data governance.
  - With data flows now including information from the cloud, social media, and IoT, there is simply too much information to manage manually. In order to properly oversee the safe and compliant management of this information, a policy-based, automated approach must be put into place for effective protection.
- Generate sensitive data reports continuously for data at rest and in motion.
  - The ability to monitor sensitive data will play a key role in ensuring GDPR compliance. For successful monitoring, selected solutions should indicate quantities of sensitive data in the enterprise and show the condition of that data, how much data has been scanned, the amount of data being monitored, and which data has been assigned alert rules for 24×7 monitoring.
In a recent opinion piece, Paige Bartley, Senior Analyst at Ovum, a leading analyst firm covering GDPR, noted the challenges facing the enterprise as steps are taken towards compliance.
“With less than a year remaining, many firms are realistically going to have to prioritize their GDPR compliance goals with respect to the deadline, and prioritize the data that they target for control. While this may not seem ideal in comparison to striving for full compliance, it may be more justifiable than a last-minute, uncoordinated rush to meet deadlines,” said Bartley. “The enterprise that finds itself in this position will be best served to stay the course, sticking closely to its predetermined plans, and documenting the exact steps that were taken to prioritize certain data or objectives over others. As long as good intent and systematic action can be demonstrated, the enterprise will receive a certain degree of insulation from regulatory action.”
Dataguise supports IT, business, and legal professionals concerned with data privacy regulations currently on the books or that will see implementation over the next 12 months. The company’s software locates all sensitive data across distributed business environments and provides encryption, masking, auditing and monitoring to support the protection of sensitive data in structured, unstructured, or semi-structured repositories. This will be critical for organizations that will be impacted by GDPR, which threatens fines of up to 4% of total global revenue or €20M (whichever is greater) for non-compliance.