The General Data Protection Regulation (GDPR) goes into effect in May 2018: Is your business ready? Any business that handles the personal data of European Union residents — no matter where they’re based — must comply. Here’s what you need to know to prepare…
International reach, unprepared organizations
The GDPR will have an international reach, applying to any organization that handles the personal data of European Union residents — in the UK and beyond. The regulation introduces obligations for data controllers and processors to protect personal data “by design and default,” with strict guidelines around data breach notification, consent, and the right to be forgotten.
Unfortunately, research from Veritas indicates that more than half of global organizations have failed to begin any work on meeting minimum GDPR compliance requirements and that less than a third of organizations meet these minimum requirements today. Not many businesses can afford non-compliance fines that can total a whopping 4 percent of global annual revenue (about $23 million U.S.), or the irreparable damage to company reputation.
Accountability is the core of the new GDPR rules, so organizations must have a way to demonstrate they have taken appropriate steps to safeguard personal data — which includes a seamless, connected security strategy that works across the organization, from device to data center to the cloud.
Richard Henderson, Absolute’s global security strategist, says organizations cannot afford devices that “go dark” — devices that IT can’t track — either because they’re off the network, have been stolen, or have been rendered inoperable through loss of critical software.
Even when encryption, antivirus and asset management solutions are active, malicious users can still uninstall or disable them, exposing businesses to security risks and rendering them non-compliant with GDPR, among other security protocols.
“Companies need to maintain a constant connection, whether devices are on or off the corporate network, to stop them from becoming the gateway to a damaging breach,” he says. “They need to be able to track devices, detect suspicious and unauthorized behavior, and remotely disable or delete data if necessary.”
May 23 Webinar: Global Implications of GDPR Legislation
Join Absolute’s data protection experts, along with leading technology and compliance lawyer Jonathan Armstrong, as they share practical insights on the global implications of GDPR. Register today and get more information, including:
- GDPR compliance: What’s required and what’s at stake
- Organizational logistics: Steps businesses need to take now to be GDPR-ready
- Best security approaches: How to ensure compliance, and protect your data – and your brand
- Pre-emptive actions: How to eliminate the blind spots between networks, identity and access management, data encryption, endpoint security, and security managed services
WHEN: May 23, 2017 at 8am PST/11am EST
SPEAKERS: Jonathan Armstrong, partner at Cordery Compliance, and Nima Baiati, senior director, product management, Absolute: Jonathan Armstrong and Nima Baiati will explain how global businesses can meet the demands of the EU GDPR for data protection, as well as best practices for the clear auditing and tracking of data and devices, and how to strengthen your overall endpoint security posture to withstand threats.
Register today & learn more:
The information in this blog post is provided for informational purposes only. The materials are general in nature; they are not offered as advice on a particular matter and should not be relied on as such. Use of this post does not constitute a legal contract or consulting relationship between Absolute and any person or entity. Although every reasonable effort is made to present current and accurate information, Absolute makes no guarantees of any kind. Absolute reserves the right to change the content of this post at any time without prior notice. Absolute is not responsible for any third party material that can be accessed through this post. The materials contained in this blog post are the copyrighted property of Absolute unless a separate copyright notice is placed on the material.