There’s no doubt that the General Data Protection Regulation (GDPR) is one of the most highly anticipated regulatory mandates of the last decade. With May 25, the deadline to comply with the GDPR, just around the corner, you have less than 30 days to become GDPR compliant. Failing to do so will not only attract a huge compliance violation penalty (a maximum of €20 million or 4 percent of your global annual turnover, whichever is higher), but it will also break the trust that you’ve built with your customers.
As a security professional, you might think that the GDPR is all about data subjects’ rights and getting proper consent, which means you have little to no role in ensuring compliance for this regulation in your company. This, however, is a widespread misconception—one that may end up costing millions in fines for the businesses who believe it. Here are two reasons you should be taking the GDPR seriously:
- Reason #1: The GDPR insists on deploying technical measures to ensure the integrity, confidentiality, and availability of personal data. This goal, of course, is simply added to the bucket of tasks data security and IT security professionals like you carry around daily. You should make sure that you have proper technical measures in place, because you’ll be accountable for both ensuring personal data is not modified in an unauthorized manner as well as ensuring that the systems and applications processing personal data aren’t compromised or inaccessible for extended periods.
- Reason #2: One of the most critical requirements of the GDPR is notifying the lead supervisory authority upon a data breach. When it comes to network security, the GDPR recognizes that attacks can’t always be blocked proactively. Taking this into account, the GDPR insists on a proper breach detection and reporting mechanism that’s capable of promptly detecting data breaches. To that same effect, within 72 hours of detecting a breach, you’re required to report it in detail (including the consequences of the data breach, the number of records affected, the measures taken to mitigate and prevent such attacks in the future, etc.) to the supervisory authority. But that’s not all: security professionals are also liable for implementing security measures that prevent known data breaches from happening, and meeting these requirements (Article 32) is squarely the responsibility of a security administrator.
The deadline for the complete implementation of the GDPR is fast approaching, so you need to act quickly if you wish to meet these security requirements in time. That’s why we’ve drafted The Security Admin’s Survival Guide for the GDPR. This e-book is designed to show you:
- Five security measures that you must adopt to be GDPR compliant, including:
  - Discovering, isolating, and backing up data.
  - Setting up security configurations.
  - Configuring alerts to detect security incidents.
  - Setting up notifications to instantly detect breach attempts.
  - Generating post-breach incident reports.
- How ManageEngine can help you comply with the GDPR.