author photo
By SecureWorld News Team
Thu | Oct 12, 2017 | 7:35 AM PDT

The amount of data in the world is exploding, which spells opportunity for business.

However, failing to properly control and secure that data will soon be more expensive than ever before.

So expensive, in fact, that 18% of business executives recently surveyed, worry a violation of the EU's General Data Protection Regulation (GDPR), could potentially put their company out of business.

That was just one of the many GDPR lessons coming from the SecureWorld web conference, “Preparing for GDPR in a Multi-Cloud World.”

Watch the GDPR multi-cloud web conference on demand

“Cloud is more of a challenge for many reasons. EU regulators already view cloud as more risky and they accept it with reluctance,” said web conference moderator Joan Antokol, Managing Partner, Privacy and Data Protection Practice, Park Legal LLC.

She shared an incredible GDPR rule change list of 18 things that will shift under GDPR.

GDPR-list-of-changes
 

Then Terry Barbounis, Cybersecurity Evangelist at CenturyLink, discussed key GDPR terms. “GDPR tends to be very detailed and confusing, so defining some of its terms can really help.”

GDPR-key-term-definitions
 
He shared how GDPR views special categories of personal data and how it defines things like Data Controller, Data Processor and Supervisory Authority.

Mark Goldenberg, a Security Solutions Architect at CenturyLink, had a piece of good news on GDPR: most organizations do not have to start their compliance efforts from square one.

“Understand where you are from a security maturity standpoint, first. Take advantage of your foundation--of the existing security policies you have today. Educate stakeholders and you can build upon your process," he said.

“Visibility to your data is key. This is critical in case there is a breach, so you can go back and look at the audit trail to find what was accessed, when and where.”

GDPR-data-visibility
 

Scott Manning, VP of Cloud at Thales e-Security gave some important context on GDPR and why it exists. “It was written to drive companies to implement proper controls and safeguards around data. They call this protection by design," he says.

"It means you start at the beginning to create processes to protect data inherently, not as an afterthought."

He also detailed two key controls for data management and security: pseudonymisation and tokenization. A mouthful to say, for sure, but both strategies can help mitigate damages if you are breached because they can greatly limit identifying information.

GDPR-top-controls
 
And key to implementation, he says, is to look for a data solution that is broad and allows you control over what you do with each type of data your company has.

Also, during this web conference, the questions were flowing like wine.

"How can a company within the U.S. determine if they are within scope of the GDPR?"
"Considering the individual GDPR Articles, is there a priority that you see companies using or can you suggest a remediation plan?"
"What happens when US Citizen marries someone from the EU; Is their data considered to be under this regulation?"

Hear the answer to these questions and more by watching, "Preparing for GDPR in a Multi-Cloud World" on demand, right now. The experts leading the web conference also share specific steps you can and should take.

With a change as significant as GDPR, we must collaborate to protect ourselves.

Comments