25 May 2018 is an anxiously awaited deadline. What can you do to ensure your organization is ready for the General Data Protection Regulation (GDPR)? To start, what is the GDPR? It is, put simply, a new European Union privacy regulation that will permanently change the way you collect, store and use customer data.
GDPR was a long time coming, to say the least.
The European council held two conventions in the 80’s and 90’s acknowledging that the usage of computers had grown exponentially. In the wake of these conventions, the UK created a Data Protection Act in 1984, and another in 1998, with other countries following suit. Unfortunately, these acts were largely incompatible with each other.
Jump ahead to the early 2010s, and a common law was sorely needed across Europe. The General Data Protection Regulation was proposed and then negotiated within the EU Council and European Parliament. The European Parliament, then the Council, reached an agreement following extensive negotiations. Eventually, in 2016, the regulation was fully adopted and put into place. A two-year implementation phase was decided on, which brings us to May 25, 2018.
So, do you need to worry? If you have personal data of EU citizens, then the answer is yes, the GDPR affects you. Is it a concern? Only if you’re not prepared.
Without further ado, here are the 4 things we recommend you prepare for. Though we aren’t lawyers and are solely focused on accelerating incident resolution, we’ve done our research:
There’s no single solution for compliance with GDPR, as it affects data across the enterprise, with major implications and fines. So, what do cybersecurity teams need to do?
Not all cybersecurity breaches are created equal. Not all need to be reported to an EU consumer – just the ones where specific personal data has been breached – like religion, political affiliation, and other personal details.
Resolve, the leading security incident response platform, can play a critical part when it comes to data breach reporting requirements. Resolve accelerates the time it takes to validate a detected alert and prompts initial investigation when a personal data breach occurs.
Upon determining a personal data breach has occurred, the organization must within 72 hours:
When a company has to notify their customers of a data breach within 72 hours, wouldn’t it be nice to say the threat has been responded to? With Resolve’s playbooks, automation, and orchestration, cybersecurity teams can play a part in the notification aspect of the GDPR. With Resolve, security operations teams can determine appropriate next steps.
To learn more about the General Data Protection Regulation and its implications for cybersecurity teams, read the Definitive Guide eBook and learn three ways accelerating security incident response will help your SOC comply.