40% of organizations will be in violation of the GDPR by 2020; this is expected to be near zero by 2023.
Source: Gartner® Inc. "EU Privacy Will Impact Delivery of Your Data Security Product Marketing Messages" - 10 March 2017
What is GDPR?
GDPR establishes the many measures organizations must take to protect personal data belonging to residents of the EU. These measures include (but are not limited to): understanding what personal data an organization handles and where this data resides; performing risk assessments to gauge an organization’s exposure to accidental or unlawful loss of this data; implementing various technical and organizational controls to protect personal data; and appointing a chief data protection officer charged with overseeing GDPR compliance.
GDPR applies to any organization that handles or processes personal data belonging to EU residents. It establishes strict breach disclosure requirements and, once enforcement begins on May 25, 2018, it will impose stiff fines for non-compliance.
One of the clearest and most concise overviews of GDPR you’ll ever read, this blog demystifies what the law entails and means for your organization. Find out what you’ll need to do at a high level to comply, and why the EU is imposing such strict fines for non-compliance.
This must-read report featuring insights from respected legal and security experts outlines specific GDPR compliance challenges you probably haven’t considered. It also highlights the unusual circumstances that could compel your company to comply, and offers specific examples of the law’s rigorous documentation requirements.
Looking for a single GRC solution to help you manage GDPR compliance? RSA Archer gives you the tools you need to document your compliance requirements and perform the risk assessments, control testing and other activities mandated by the regulation. Gain a clear view of GDPR compliance across your organization with RSA Archer.
How RSA facilitates GDPR compliance
GDPR highlights the need to put security details in business context and to align security controls with risk exposure. RSA Business-Driven Security solutions help organizations address GDPR compliance obligations in four key areas:
- Data Breach Preparedness: RSA NetWitness Suite; RSA Archer Suite; RSA Risk & Cybersecurity Practice
- Data Governance: RSA SecurID® Suite; RSA Archer Suite; RSA Risk & Cybersecurity Practice
- Risk Assessment: RSA Archer Suite; RSA Risk & Cybersecurity Practice
- Compliance Program: RSA Archer Suite; RSA Risk & Cybersecurity Practice
A survey of UK consumers conducted on behalf of RSA finds that 34 percent have lost trust in companies’ ability to safeguard their data. Another 28 percent of respondents boycott companies that mishandle customer data. These and other survey findings demonstrate why the EU felt strict data protection regulation was in order.
Find out why implementing RSA NetWitness Suite may be your quickest win on the way to GDPR compliance. The RSA NetWitness Suite threat detection and response platform helps support GDPR data protection requirements and may also help you demonstrate the adequacy of your security measures to EU regulators.
This white paper offers a list of very specific technical and operational measures your organization may need to take to comply with GDPR. It further examines GDPR compliance through the lens of business risk management, identity and access management, and threat detection and response.