Unless you’re living under a rock, you’re likely aware that GDPR takes effect today. This isn’t a finish line, though. In fact, it’s the opposite. The sky isn’t falling and business will continue to operate, just with slightly different rules when it comes to private EU citizen data. Today is simply the start of something new. This week’s news round-up is your one-stop list to help you catch your breath before waltzing into our new regulatory future.
Despite headlines, surveys and marketing campaigns aiming to educate the public on what GDPR is, how to actually comply with GDPR isn’t so cut and dried. Wired published an excellent guide to getting to the bottom of how GDPR is going to affect everyone, why it’s being put into place and how you should react, plain and simple. We know many people have been hearing about GDPR increasingly over the past year, but the fact is, businesses and regulators are still not truly ready. So continuing education on the basics should still take priority.
If so many organizations really aren’t prepared, how will this be enforced? Security practitioners sing the ‘not if but when’ mantra often. Well, GDPR is not a one-punishment-fits-all regulation. That doesn’t mean you should assume regulators will go easy on you, but it does mean they will take into account whether you were following GDPR as closely as possible and trying to prevent the data exposure.
So how, exactly, do you prove that you prevented a leak as best as you could? The key to preparedness begins with mitigating risk and showing that you did all you could to prevent the data leak. If you’re a silver lining type of person, this is your golden opportunity to create an identity infrastructure that puts proverbial walls and plugs where sensitive data might otherwise leak.
Further, enterprises will simply no longer have the luxury of investigating a breach for any amount of time before going public with the information, as GDPR is as much about timely notification of exposed data as it is about initial protection.
Organizations must now stop and think about how and why they’re collecting personally identifiable information (PII), how they’re protecting it and how they’re letting consumers know if that PII was breached. What that really means is that GDPR is a forcing function for every employee, no matter their role in the company. Our CMO has focused on the role of marketing in GDPR, for example, and how marketing will need to champion data privacy. This is the kind of thinking we all need to harness – GDPR is everyone’s responsibility, it is not relegated to our security and privacy friends.
You’ve also likely noticed the tsunami of emails with updated privacy policies and even asking for consent to keep emailing you. This is the first way nearly every consumer is seeing an immediate GDPR impact.
While businesses are still a bit afraid of what the first GDPR case will look like, we have good news for you. You can manage GDPR compliance with identity and minimize your chances of being that first case. As enterprises face an avalanche of data stored in files, finding the sensitive data within those files is a daunting – but necessary – task when it comes to GDPR compliance. It’s a big problem, but it’s also a major opportunity to secure the new enterprise perimeter and truly be ready to face both regulations and potential attackers.
GDPR is perhaps the largest and most far-reaching of the new wave of regulations today’s enterprises face. This new normal we are living in is simply forcing businesses and consumers to do what they should have been doing all along. We’re all figuring this one out together, and in the coming weeks and months, we’ll see the true impact of preparedness unfold. In the meantime, you should probably take a moment to read the actual regulation.
Until next week, stay secure!