As you’re painfully aware, GDPR (General Data Protection Regulation) requires any organization that stores, processes, or transmits personal data on European Union citizens (even organizations outside of the EU) to undertake “data protection by design” and “data protection by default” with regard to that information. A major component of the regulation is the requirement to report “without undue delay, where feasible within 72 hours if data is unlawfully destroyed, lost, altered, accessed by or disclosed to unauthorized persons where there is a risk to individual rights.”
What this means is that if you have a breach, you must report it, and you must prove that you have sufficient measures in place to prevent such breaches. The most egregious violators of GDPR can face penalties of up to 4 percent of annual global revenue.
However, the good news is that companies that do feel prepared for the impact of GDPR say that getting ready is really about ensuring that your organization is properly leveraging a few fundamental security technologies that should already be in place.
While GDPR is facilitated by data encryption, network security, and email security, I’d like to focus on five key identity and access management (IAM) approaches that will also greatly aid GDPR compliance. In general, those organizations that felt prepared for GDPR had the highest levels of confidence in their deployment and use of the following IAM solutions:
- Access control
- Multifactor authentication
- Secure remote access
- Privileged account management
If you’d like to learn how you can add (or improve) any of these IAM disciplines in your organization to accelerate your readiness, download our GDPR eBook, which details the regulation and the hows and whys of these key IAM technologies.
GDPR is nearly here, but it doesn’t have to be as scary as it sounds.
For a complete explanation of IAM’s role in GDPR compliance, visit our resource page.