How to Ensure Compliance with the General Data Protection Regulation (GDPR)
March 1, 2017
On May 25, 2018, the General Data Protection Regulation (GDPR) will come into force, requiring enterprises to implement proactive technical and organisational measures in order to improve data protection and security.
The GDPR strengthens existing data rights and broadens the protection obligations for data controllers and data processors. Every entity that holds or uses personal data in the European Union, or which targets the EU for goods, services or online profiling, will be regulated.
GDPR reforms include:
- Extended jurisdiction – any company processing personal data of subjects residing in the Union must abide by the GDPR
- Penalties – organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater)
- Consent – consent for data collection must be clear, distinguishable and in plain language. It must be as easy to withdraw consent as it is to give it
- Breach Notification – mandatory within 72 hours of becoming aware of the breach where a breach is likely to result in a risk for the rights and freedoms of individuals
- Right to Access – data subjects can obtain information from the controller as to whether or not personal data concerning them is being processed, where and for what purpose
- Data Erasure – right to have your personal data erased and stop further dissemination of the data
- Privacy By Design – inclusion of data protection from the onset of designing systems rather than as an addition
- Data Protection Officers – internal record keeping requirements as well as a DPO appointment for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale
How Can Herjavec Group Help?
Herjavec Group is a global cybersecurity product and service provider, fully equipped to partner with your organisation as you align to support customers in light of the GDPR requirements.
We partner with best-of-breed technology providers to find the products that help optimise your existing infrastructure and protect against potential vulnerabilities. By deploying multiple layers of technology we can enhance how you prevent, detect, and respond to attacks.
We are a vendor-agnostic provider, which helps us offer unbiased product consultation and mitigates single-vendor risk as we support the technologies at play within your security stack, including:
- Next Generation Firewalls
- Next Generation Endpoint
- Malware Protection
- URL Filtering
- Identity & Access – PIM/PAM
As a cybersecurity services provider, Herjavec Group can help your organisation achieve compliance with a number of the GDPR requirements by identifying your current vulnerabilities, improving your network visibility and enriching the data you receive with human, threat and technical intelligence.
Our Service Expertise includes:
Security Consulting: From penetration tests to social engineering assessments, Herjavec Group’s Security Consulting Services will review your organization’s security infrastructure to understand the existing information technology control framework, identifying where you are most vulnerable to cyber threats and attacks.
Payment Card Industry (PCI) Compliance: Herjavec Group is a PCI Qualified Security Assessor (QSA) and Authorized Scanning Vendor (ASV). Our expertise includes the assessment of PCI Data Security Standards (DSS) as well as the implementation or remediation of PCI initiatives.
Professional Services: Herjavec Group’s Delivery Team has expertise in enterprise solution architecture, installation, and onboarding. By combining vendor technology best practices with our practical experience we add significant value to your integrated delivery as we design, tune & configure your solution to meet your organization’s needs.
Identity and Access Management: Our proactive identity and access management services safeguard your business’ reputation and financial well-being by controlling who has access to corporate data and information assets. We support IAM strategy development, system integration, PIM/PAM and IAM Managed Services.
Managed Services: Our practice is SOC 2 Type 2 certified, supporting your proactive threat detection and security technology management needs 24 hours per day, 7 days a week, 365 days per year. We offer two streams of service:
- Proactive Threat Detection which includes logging, correlation, and threat hunting
- Security Technology Management which includes certified optimization, administration, best practices & health checks
Remediation & Incident Response: Herjavec Group’s IR team has extensive practical experience managing complex security breaches. We respond promptly to reduce your recovery time, costs and damages, with a focus on returning your business to standard operations.
In order to prepare for the GDPR implementation, Herjavec Group recommends enterprises:
- Consider data protection and privacy at the onset of the security planning process
- Perform a Network Security Assessment and Gap Analysis to reassess the effectiveness of the security controls in place, particularly when it comes to storing, processing or transmitting data
- Prepare a security framework and an emergency preparedness plan, identifying clear policies and procedures to follow for all elements of data handling, information security & incident response
- Develop a timeline for regular assessments and reporting reviews for all systems to ensure the technical and organizational effectiveness of your security posture
- Evaluate the use of encryption tools in order to secure access rights and ensure the confidentiality & authenticity of digital data
- Invest in a Security Information and Event Management (SIEM) system and consider third-party Managed Services support in order to streamline data logging, correlation & security intelligence gathering
The GDPR is a timely reminder that all enterprises, no matter their location, should proactively assess their security postures in terms of visibility, controls, and scope. This regulation is not about striving for perfection. It is an important step forward to improve security, achieve compliance and identify emerging threats in real time.
If you would like more information on Herjavec Group’s UK operation including our cybersecurity product and service offering, please contact us.
About Herjavec Group
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across Canada, the United States, and the United Kingdom. For more information, visit www.herjavecgroup.com.