This post was originally published here by Jacob Serpa.
In May of 2018, the EU will begin enforcing its General Data Protection Regulation (GDPR) to ensure the security and privacy of member states' citizens' data. As virtually all organizations collecting or handling the personal data of EU citizens will be affected by the regulation, they must begin taking actions to reach compliance. Failure to do so can lead to heavy financial and reputational penalties.
Bitglass recently released a report detailing how its cloud access security broker (CASB) can help meet various requirements under GDPR. A high-level overview of three of these requirements can be found below.
Right to Erasure:
Data subjects have a right to erasure whereby they can request that an organization delete their information. Subjects can invoke this right at any time, even if it is simply because they wish to withdraw their consent. As such, organizations must be able to delete data quickly and completely. Because Bitglass' CASB uses API integration across major cloud apps and even custom apps, it can delete data from the cloud and make it inaccessible from devices.
Privacy by Design and Data Protection:
Under GDPR, organizations must demonstrate that their processes (technological and otherwise) are constructed in a way that protects data and data subject privacy. This can encompass a number of requirements such as protecting against unauthorized data access and malware. With contextual access controls and ATP powered by Cylance, Bitglass can prevent unauthorized data access and the spread of malware, respectively.
Data Residency and International Data Transfers:
Where data is physically located is an important consideration under GDPR. As relatively few countries are deemed "safe," great emphasis is placed on maintaining visibility and control over data to prevent it from being exposed in unsafe conditions abroad. Fortunately, there are tools that help ensure data residency but also allow for flexibility with regard to where data is accessed, processed, and stored. For example, with Bitglass, organizations can encrypt data in the cloud and hold their encryption keys locally in order to meet the requirement.
Organizations should begin acting now to reach compliance by May 2018. Adopting a security solution that rapidly provides a breadth of GDPR coverage is a must. For additional information on GDPR requirements and how Bitglass can help organizations reach compliance, download the full report below.