With the EU General Data Protection Regulation (GDPR) taking effect in May 2018, vendors in the US are helping their clients tackle the mandatory compliance date. The GDPR is designed to ensure personal data is protected through its entire lifecycle within an organization.
Businesses are challenged to make sure they have GDPR-compliant cybersecurity measures in place. The image below, from the 2017 Veritas GDPR Report, highlights organizations’ greatest concerns in relation to the GDPR.
Depending on the size of your organization and the information security measures you have implemented, applying the GDPR’s requirements can be a big challenge. CIOs must ensure effective storage, access, and management of data for as long as the organization maintains it, while preserving its confidentiality, integrity, and availability (CIA).
The GDPR applies to data stored and processed both physically and digitally, so it is important for the organization to value awareness of data security and to be prepared to take data security management measures. There is a trickle-down effect rendering organizations and solution partners responsible.
Organizations are obligated to include Software-as-a-Service (SaaS) providers in their cybersecurity policy. A company should scrutinize its vendors as much as its internal operations, going so far as to conduct IT governance audits.
Vendors offer insights and education to help clients tackle the GDPR
Vendors are helping clients with their GDPR compliance needs by educating them through information sharing. By poring over green papers, infographics, etc., CIOs are learning that client workplaces need to undergo a cultural shift pertaining to their information security management practices, particularly data governance.
For organizations with smaller information risk management strategies in place, help is available from external resources. Consultancies can help with cybersecurity awareness training, or use their information security management system expertise to help an internal IT team.
Personal data needs special handling
Since the GDPR is a global initiative, it applies to any business in the US that handles the personal data of EU residents. Organizations can be subject to penalties of up to 4% of their global annual revenue for failing to comply. The Regulation will force organizations in the US to address cybersecurity as a business concern and not just an IT concern.