Data Governance and EU General Data Protection Regulation (GDPR)

After years of discussion, the European Parliament adopted the General Data Protection Regulation (GDPR) on April 14, 2016.

The EU GDPR brings in new obligations for companies that handle information belonging to individuals, and it came into effect on Friday, 25th of May 2018.

Under GDPR there are a number of new rules: companies that process a lot of personal data will be obliged to appoint a Data Protection Officer, to carry out risk assessments, to implement data protection by design, to implement appropriate systems to minimise risk, to notify authorities within 72 hours of a breach and, most importantly, to understand where all the subjects' personal data resides and protect it accordingly. There are fines for companies that are proven negligent in the case of a security breach.

The new EU legislation makes reporting of breaches mandatory. And with potential fines for non-compliance of up to 4% of global turnover or €20m, not knowing what is happening within your IT systems is no longer acceptable.

Now is the time for organisations to take action to protect their data and that of the citizens of Ireland.

Over the past six years, research has consistently shown that the following general steps are correlated with top performance at safeguarding sensitive data:

  • Identify and classify your data – you can’t manage data you don’t know about, and not all data is worth the same level of protection
  • Prioritise your security control objectives for these information assets as a function of risk, audit, and compliance requirements (another way to think of data classification)
  • Establish consistent policies as part of an overall approach to safeguarding sensitive data, wherever it may flow – at rest in the back-end, in motion on the network, and in use at the endpoints
  • Empower end-users through ongoing awareness and training; transform behaviour and culture by integrating data classification into the day-to-day workflow, providing users with the tools to classify their documents
  • Close the loop through regular review and analysis of the information from management, auditing, and reporting systems, and communicate the results and trends to the owners of the business risks for the confidential information and intellectual property that is being protected

There is a general perception that implementing document classification can be an onerous and disruptive process. However, if you engage with a subject matter expert and deploy the correct methodologies and tool sets, it can be a painless and very rewarding undertaking.

Related Partners & Resources

  • Boldon James – Zinopy is a premier level Boldon James partner
  • Check Point – Zinopy is a Check Point Silver Partner
  • Check Point Video – Your Second Pair of Eyes – Check Point Compliance Software Blade (YouTube)
  • Check Point Data Sheet – Compliance Software Blade Overview (PDF)