25th May 2018: a date that should be circled in red for all organizations. The EU’s General Data Protection Regulation (GDPR) comes into play in less than six months’ time. It should be common knowledge that businesses that fail to comply with the terms of GDPR could face fines of up to €20m or 4% of their global annual turnover – whichever is higher.
There has been ample warning, but with less than six months to go, are companies prepared?
No room for error
Any company handling the personal data of EU citizens must comply with GDPR, which demands that companies collecting, using and storing personal data must have adequate protections and controls in place. Failure to do so could result in huge fines, potentially risking company failure.
The last six months have seen several more high-profile data breaches, including Equifax and, most recently, Uber. This raises the question of whether even large enterprises are taking GDPR seriously. With the size of the fines, any company can risk failure.
Is it too late?
There is no point leaving preparations until the 24th of May – it simply isn’t worth the risk. Organizations need to be putting steps into place now in order to comply with the regulation. The mindset towards security needs to change – and fast.
The key to safeguarding data in line with GDPR is that security needs to move away from trusting every member of an organisation by default. Unfortunately, maliciously or not, people continue to be the weak link in the security of every organisation.
Preparations for GDPR should entail a move towards a ‘Zero Trust’ mentality, which assumes that every user could be compromised. As such, users must be granted access to only the information they absolutely ‘need to know’ to do their jobs.
The second step is to ensure that all data is protected. Taking out cybersecurity insurance in case of a hack will not always result in a payout to help cover costs. Insurance policies will usually only pay out if the correct steps have been taken to secure data in the first place. Certes’ Layer 4 Encryption solution limits what the hacker can do if they manage to make their way into the network, and prevents them from moving laterally. This is a vital process that is currently missing from most cybersecurity strategies.
There is likely to be a mass panic in the next few months as companies realise they should have started preparations earlier. However, by approaching security with a Zero Trust mindset, enterprises can be confident that they are securing their data as well as complying with regulations.
Contact Certes Networks today to learn how our Compliance Solutions can help you!