The European Union’s General Data Protection Regulation (GDPR) goes into effect May 2018, potentially imposing material fines and sanctions on non-compliant businesses that process, store, or otherwise handle information of any EU citizen, regardless of where the business is based. The regulation:
- Requires companies to implement privacy controls around the collection, processing, and security of personally identifiable information (PII), commensurate with the level of risk.
- Includes provisions for Rights of EU residents (inquiry, correction, deletion, etc.)
- Requires ‘appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures’
Recently, RSA commissioned Forrester Consulting to publish a thought leadership paper titled Fact or Fiction: The State of GDPR Compliance, GDPR Compliance Requires More Than IT.
Forrester’s paper is the culmination of a large cross-industry survey of risk and information management professionals located in Europe and the United States. It presents both caution and hope for organizations working toward compliance.
If your organization is subject to GDPR, I encourage you to read this paper to better understand how your priorities align with your peers, and Forrester’s recommendations for program development and management.
Learn more about how RSA® Business-Driven Security™ solutions can support GDPR compliance.