Technology for GDPR Compliance: Turning Plans into Action

Organizations around the world have spent months preparing to comply with the European Union’s new General Data Protection Regulation (GDPR). Given the complexity and scope of the new regulation, many organizations have been working closely with expert advisers to plan strategically for the steps they will take toward compliance. And as the May 25, 2018 deadline for compliance has drawn ever closer, strategic planning has become increasingly coupled with tactical decision-making about the technology that will be needed to put their plans into action.

Compliance with GDPR’s sweeping new requirements for protecting EU data subjects’ personal data necessitates a multi-pronged technology approach. Among the technology areas that have a part to play, three in particular are key: data governance, identity and access assurance, and threat detection and response.

Data governance is foundational to compliance with a regulation that mandates protection of personal data. Fulfilling that mandate rests on knowing what data the organization maintains, where it exists and the extent to which it is at risk. Data governance is essential to identifying personal data within the organization, assessing risk and documenting controls that have been put in place to mitigate risk.

Identity and access assurance protects personal data at the figurative “front door” to an organization, with technology to authenticate users seeking access to data. Beyond authentication, identity governance helps demonstrate compliance with monitoring and reporting requirements.

Threat detection and response systems that are specifically designed to detect and respond to threats rapidly are critical to protecting personal data from

*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Steve Schlarman.