Light Dark
December 16, 2016 By Cathal O'Donovan 2 min read
Cloud Security
Data Protection

In December 2015, the European Union (EU) announced a framework designed to combine the various data protection laws throughout the region. The General Data Privacy Regulation (GDPR) impacts many industries, from coffee shops to football clubs. It essentially affects any institution that retains personal information, especially businesses that store or handle data in multiple countries. In this digital age, our end users could be anywhere.

New Challenges Under the GDPR Compliance Regulations

Preparing for the GDPR compliance regulations is a companywide challenge, not just for the ops and compliance teams. The regulation will broaden the scope of what qualifies as personal and sensitive information when it takes effect in May 2018, requiring security teams to review how they store and encrypt this data. Additionally, companies will be required to produce copies of any customer data it collects upon request.

Under the GDPR, companies must report data breaches to the Supervisory Authority (SA) within 72 hours. This will require chief information security officers (CISOs), chief technology officers (CTOs) and legal teams to review or create processes and procedures and adopt new technologies. To remain compliant with the GDPR, IT leaders must equip their security ecosystems with effective identity and access management (IAM), encryption, log management and incident management tools.

Preparing for the GDPR

To prepare for the GDPR, executives, employees and managers must understand how it impacts operational practices at every level. Cloud operations managers must determine what personal data they are currently storing, where it lives, how it flows within the organization and how it is secured. Determine how personal data is shared and whether third parties will need to access it.

It’s important to review all data retention schedules, cross-border data transfers and privacy notices. IT managers should also work with the lines of business to review data subject consent and choice mechanisms. Then they determine how to respond to access, correction and erasure requests.

Organizations must take these steps as soon as possible or risk paying up to 4 percent of their annual revenue for violating the GDPR compliance regulations.

Read the Interactive Solution Brief: Ready, Set, GDPR

 |  |  |  |  |  | 
Cathal O'Donovan
DevOps Manager, IBM

More from Cloud Security
November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

October 3, 2023

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature