The EU isn’t sitting back when it comes to the theft of personal data. To fight back, the EU has passed GDPR (General Data Protection Regulation), a single set of standards to protect the personal data and privacy of all EU citizens. If you haven’t already, it’s time to get busy addressing compliance, and while you’re at it, use GDPR to gain a competitive advantage.
What’s the upshot of GDPR?
GDPR provides for the rights of individuals to have no-cost access to all data collected, obtain confirmation of processing methods and correct, erase and port their personal data. Even if your organization is not located in the EU, if you run your data through an EU data center or store personal information on EU customers, GDPR needs to be on your radar.
The compliance deadline is May 2018. Not only is time short, but potential costs are high. One study found that Fortune’s Global 500 companies will spend roughly $7.8B on GDPR compliance. The same study found that while nearly all affected companies give GDPR a high priority, nearly a quarter of respondents hadn’t yet begun to tackle it.
Know how GDPR applies to you, and the consequences of non-compliance
GDPR applies equally to organizations that collect personal data (“data controllers”) and those that process it (“data processors”). If you’re a controller, you’ll need to carefully manage third-party data processors. If you’re a data processor, you are required to implement appropriate security measures and process personal data in accordance with the controller’s instructions. The main thing to recognize is that you’re in this together and need to hold each other accountable.
The price of non-compliance isn’t cheap: up to four percent of your global revenue or €25 million. Some primary considerations in assessing fines will be the strength of privacy measures, the capacity for continuous risk assessment, the number of people affected (and how seriously) and damage mitigation. How will you fare in case of a data breach? Chances are you need to step it up.
Leverage GDPR for competitive advantage
It’s time to get positive and reap the potential advantages of GDPR. With foresight, you can implement security measures that will not only reduce the risk of data theft and GDPR fines but also spur customer trust and competitive advantage.
CIOs, CSOs and other network security leaders: this is your chance to shine! With GDPR, you have clear justification to promote IT and cybersecurity as central pillars of your digital transformation and business growth strategies.
What is the role of technology?
Technology is without question a prime mover in the defense against cybercriminals. Just one example is its use in limiting access to personal data. If your data is breached, regulators will certainly frown upon companies that use weak and easily compromised authentication credentials.
The response of many companies is to go beyond traditional multi-factor authentication (MFA) approaches in favor of more optimized solutions that better secure all IT systems and applications in complex IT environments. GDPR also requires that a cybersecurity program be established. While it doesn’t prescribe a specific program, it is generally understood that having security controls around access management is essential.
Next-generation approaches, such as our DigitalPersona® solution, offer a broad range of identification factors, reduce dependencies on people, are convenient for users and are adaptive to today’s dynamic threat environment.
Be smart about authentication and other cybersecurity issues and you’ll gain consumer confidence, set yourself up for competitive advantage and be one giant step closer to meeting GDPR standards.
Jeff Carpenter is Director of Identity and Access Management solutions at Crossmatch. In this role, he is responsible for evangelizing Crossmatch’s DigitalPersona® solution. In his 10+ years in cybersecurity, Jeff has held positions with a number of top-tier cybersecurity and technology companies; most recently he was with RSA, a Dell Technologies company. Jeff earned a Bachelor of Science degree in Business Administration from Creighton University in Omaha, Nebraska. He holds both the Certified Information Systems Security Professional (CISSP) and the Certified Cloud Security Professional (CCSP) designations.