The compliance deadline for the GDPR is just a year away. That may seem like plenty of time, but the requirements, and the amount of internal collaboration needed to address them, can take more time than you’d imagine. Also, securing the services of a data security company that can confidently assure that you are in compliance with all requirements within the timeframe is getting more and more difficult.
Failure to act quickly to prepare for the regulation could have serious consequences—to your bottom line, customer relationships and brand image. If your company suffers a data breach, you could be fined up to 4% of global turnover (or 20 million Euros). Now is the time to begin allocating budget and resources to implement governance processes and controls, and to identify tools to help with compliance.
Areas That Must Be Addressed for Compliance
You may need to employ one or more encryption methods across on-premises and cloud infrastructure environments, including the following:
- Servers, including via file, application, database, and full disk virtual machine encryption
- Storage, including through network-attached storage and storage area network encryption
- Media, through disk encryption
- Networks, for example through high-speed network encryption
Also, strong key management is required not only to protect the encrypted data, but also to ensure the deletion of files and comply with a user’s right to be forgotten.
Your organization will also need a way to verify the legitimacy of user identities and transactions, and to prove compliance. It is critical that the security controls in place be demonstrable and auditable.
VORAS Consulting works with companies, government agencies and businesses of all sizes. Become compliant with the new privacy protection requirements. Schedule a consultation today and make sure you don’t have to pay the price for not being in compliance when the May 2018 deadline arrives.