GDPR Planning and the Cloud
Data protection is on a lot of people’s minds this week. The Facebook testimony in Congress has focused attention on data privacy. Against this backdrop, IT security professionals are focused on two ongoing developments: the roll-out next month of new European regulations on data (the General Data Protection Regulation, or GDPR) and the continued migration of data to the public cloud.
GDPR is mostly about giving people back rights over their data. Among other rights and duties, it covers the safe handling of data, the “right to be forgotten” and other data subject rights, and breach reporting. But apparently it will not slow migration to the cloud.
According to a McAfee report being released today, Navigating a Cloudy Sky, nearly half of companies responding plan to increase or keep stable their investment in the public, private or hybrid cloud, and the GDPR does not appear to be a showstopper for them. Fewer than 10 percent of companies anticipate decreasing their cloud investment because of the GDPR.
Getting Help for GDPR Compliance
What is the practical impact of all this? Say your CISO is in the early stages of setting up a GDPR compliance program. In any enterprise it’s important to understand the areas of risk. The first step in managing risk is taking a deep look at where the risk areas exist.
McAfee will feature a GDPR Demo [1] at the RSA conference in San Francisco this week that will help IT pros understand where to start. The demo walks conference attendees through five different GDPR compliance scenarios, at different levels of a fictional company and for different GDPR Articles, so that they can start to get a feel for GDPR procedure and see the tools that will help identify risk areas and demonstrate the capabilities for each.
Remember, with GDPR, end users are now empowered to request data that they are the subject of, and can request that it be wiped away. With the latest data loss prevention software, compliance teams will be able to service these requests by exporting reports for given users and wiping data on those users. But a lot of companies need to learn the specific procedures for complying with GDPR rules.
GDPR could be looked at as another regulation to be complied with – but savvy companies can also look at it as a competitive advantage. Customers are increasingly asking for privacy and control. Will your business be there waiting for them?
The cloud, GDPR and customer calls for privacy are three developments that are not going away – the best stance is preparation.
[1] McAfee will be in the North Hall, booth #N3801 (the “Data Protection and GDPR” booth) and also in the South Hall at the McAfee Skyhigh booth, #S1301.