Oct 25 2018
If you do business in the European Union, or you hold data about or generated by EU citizens, you need to be compliant with the General Data Protection Regulation (GDPR). GDPR puts data protection front-and-center, so how do you ensure you meet those regulations? We’ve done the research and created a list of useful tips on staying compliant with GDPR and ensuring you don’t run afoul of data requirements.
Let’s get into it.
GDPR applies to data you hold, regardless of where it is stored. That means all of your environments, including:
GDPR relies on protecting all of the relevant data you hold, which typically means anything generated by or involving a citizen of an EU country. If you want to properly protect your data, you need to understand various factors including:
Search, question, and audit all the data you hold, so you have a complete picture of all the information that’s affected by GDPR.
GDPR requires that data processing systems have “integrity, availability, and resilience.” Examine the various IT service provision requirements around your processing systems for various areas including:
With data breaches on the rise, it’s vital to do everything you can to protect sensitive information. You can achieve this through a combination of multifactor authentication, penetration testing, vulnerability assessments, role-based access, and other data security best practices. You can also look into encrypting the GDPR data that you hold <link to encryption blog post once published>, whether it is “in transit” or “at rest.” This provides an extra level of protection and security, as without decryption keys, illegally accessed data is effectively useless to a hacker.
One of the most important areas of GDPR is “The Right to be Forgotten.” This means a customer can request your company erase data that you hold about them. You must ensure you have proper data erasure processes in place, across all your environments, and that they are properly aligned with your customer facing teams.
These tips will help you stay compliant with GDPR, protect customer data more effectively, and create a more disciplined approach to data management. And that’s good for everyone.