Equip yourself for the GDPR.

The deadline for the General Data Protection Regulation (GDPR) is looming closer. Are you ready? In this two-part blog series, we’ll discuss the steps you can take to prepare for the GDPR before it takes full effect on May 25th.

Many organizations aren’t sure how to tune existing security policies and configurations for GDPR compliance. Though most of the GDPR’s requirements are centered on how personal data is collected, the rights of individuals, and data portability, certain requirements need the attention of security professionals.

For instance, Article 32 of the GDPR (security of processing) outlines the technical measures that every security administrator and compliance analyst should adopt to become or stay compliant. This includes implementing security policies to:

  • Encrypt any stored personal data.
  • Ensure confidentiality and integrity of the personal data at rest, in use, and in transit.
  • Restore personal data in the event of data loss.
  • Ensure continuous access to personal data by restoring any affected systems and services that store and process personal data.

Above all, security administrators should adopt an auditing system that both ensures that every action performed on their network is compliant with GDPR requirements and keeps personal data safe at all times.

So, where and how do you start working towards GDPR compliance?

  1. Identify and isolate personal data.
  2. Leverage your existing security options and policies.

Register for our free webinar on GDPR prep steps to learn more about ensuring personal data security.

Step 1: Identifying and isolating personal data

Before implementing technical measures, you need to identify where personal data is stored throughout your network. Modern day data discovery and classification systems that are part of data loss prevention (DLP) applications can help you locate personal data and protect it with proper security controls.

After you find where personal data is stored, you need to isolate it. You can use a separate database table, file server, or even just a file or folder to ensure that only a select group of users can view, access, or process this data. Isolating personal data makes auditing easier as well.

Step 2: Leveraging existing security options to protect personal data

In Windows environments, personal data typically resides on Windows servers and file servers; there, enabling regular audits and setting up proper security controls is the best place to start.

  1. Configure access control lists (ACLs) for files and folders that contain personal data. This ensures that only authorized employees get access to personal data. You can also enable auditing on these ACLs and closely track failed access attempts to detect and preemptively block possible data breaches.
  2. With security groups, you can put all the privileged users who have the right to process personal data in a single group. Grant this group access to the systems and applications in which personal data is stored and processed, so that only this group’s members have access to personal data. Continuously audit changes to these security groups to ensure this data remains protected.
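The following PowerShell script is an added example, not code from the original post, that carries both steps through on a single Windows file server: it creates a security group for the people authorised to process personal data, replaces the folder's ACL so that only that group (plus SYSTEM and Administrators) has access, adds an audit entry so failed access attempts land in the Security event log, and then lists those failures. The folder path `D:\PersonalData` and the group name `GDPR-Data-Processors` are assumptions; it uses a local group for simplicity, whereas a domain would use `New-ADGroup` from the ActiveDirectory module. Setting audit rules requires running as an administrator.

```powershell
# Added example (not from the original post): lock a folder of personal data down to
# one security group, audit failed access attempts, and review the resulting events.
# Assumed (hypothetical) names: the folder D:\PersonalData and the local group
# GDPR-Data-Processors. Run from an elevated PowerShell session.

$folder = 'D:\PersonalData'
$group  = 'GDPR-Data-Processors'

# 1. Create the security group that is allowed to process personal data (once).
if (-not (Get-LocalGroup -Name $group -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $group -Description 'Users authorised to process personal data'
}

# 2. Read the current ACL including its audit entries (SACL), then break inheritance
#    so permissive entries from the parent folder no longer apply.
$acl = Get-Acl -Path $folder -Audit
$acl.SetAccessRuleProtection($true, $false)
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }

$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None

# Only the processing group, SYSTEM and Administrators get access; everyone else is denied
# implicitly because no other ACE exists.
$principals = @{
    "$env:COMPUTERNAME\$group" = 'Modify'
    'NT AUTHORITY\SYSTEM'      = 'FullControl'
    'BUILTIN\Administrators'   = 'FullControl'
}
foreach ($principal in $principals.Keys) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $principal, $principals[$principal], $inherit, $propagate, 'Allow')
    $acl.AddAccessRule($rule)
}

# 3. Audit failed read/write/delete attempts by anyone, so that a user outside the group
#    touching the folder shows up in the Security log.
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', 'ReadData,WriteData,Delete', $inherit, $propagate, 'Failure')
$acl.AddAuditRule($audit)
Set-Acl -Path $folder -AclObject $acl

# 4. The SACL only produces events if the "File System" object-access subcategory is enabled.
auditpol /set /subcategory:"File System" /failure:enable | Out-Null

# 5. Review failed access attempts on the folder from the last 24 hours.
#    Event 4656 is logged when a handle to an object is requested; an Audit Failure
#    keyword means the request was denied. Property 1 is the subject's user name and
#    property 6 the object name in that event's schema.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656; StartTime = (Get-Date).AddDays(-1) } `
             -ErrorAction SilentlyContinue |
    Where-Object { $_.KeywordsDisplayNames -contains 'Audit Failure' -and
                   $_.Message -match [regex]::Escape($folder) } |
    Select-Object TimeCreated,
                  @{ n = 'User';   e = { $_.Properties[1].Value } },
                  @{ n = 'Object'; e = { $_.Properties[6].Value } }
```

Because step 2 replaces the whole DACL rather than appending to it, anyone who previously had access through an inherited entry loses it, which is the isolation the text describes; review the existing ACL output before running it against production data. Changes to the group itself can be tracked the same way by enabling the "Security Group Management" audit subcategory and reviewing membership-change events.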

To learn more about leveraging security groups and ACLs, join our free webinar. Register now!