GDPR: Five steps to compliance with one day to go

By Mark McClain
Over the past few months, we’ve seen organisations rush to figure out their positioning when it comes to compliance. Now, the day is finally here, so how can organisations ensure they meet the requirements of GDPR?

The problem is that nobody knows what sensitive information has been pulled out of various applications and databases over the years. As a result, there are a lot of unknowns about the impact of trying to control and manage data stored in files and folders. Consequently, there will now be a sudden urgency to address privacy issues around information that is currently outside of IT's purview, because it is stored in files and folders. To combat this, the first order of business has to be discovery and visibility, before putting the appropriate access controls in place.

To achieve the full visibility needed to comply with GDPR, organisations should focus on a few key identity governance priorities: locating personally identifiable information, understanding who has access to it, and implementing and maintaining proper access controls for that data. Adhering to the following five-step method will not only help organisations identify unstructured insights, but will also put them in a position of power to protect GDPR-regulated data stored in both structured and unstructured systems, ensuring they meet the requirements of GDPR.

  1. Know where your ‘data landmines’ are buried. The problem is that nobody knows what sensitive information has been pulled out of various applications and databases over the years, so there are a lot of unknowns about the impact of trying to control and manage data stored in files and folders. To combat this, the first order of business has to be discovery and visibility, before putting the appropriate access controls in place.
     
  2. Identify your weakest links: user identities waiting to be compromised. To achieve the full visibility needed to comply with GDPR, organisations should focus on a few key identity governance priorities: locating personally identifiable information, understanding who has access to it, and implementing and maintaining proper access controls for that data. The best place to start is by conducting a thorough risk analysis and mapping of data and owners across the entire enterprise.
     
  3. Strengthen access controls to critical applications and databases. Once data and owners are mapped, organisations need to strengthen the controls that determine who has access to specific data; then they can take steps to secure it according to best practices. After all of these efforts, organisations must implement ongoing activity monitoring to improve risk mitigation and understand appropriate use.
     
  4. Sharpen your security strategy: think like a hacker. One certain way to meet these stringent GDPR requirements is by placing identity at the centre of security strategies. With the power of identity, businesses will have full visibility into who has access to what data, and insight into how that access is being leveraged, giving them the means to not only meet GDPR compliance and other regulatory requirements, but also to realise an overall improved security posture.
     
  5. Sit back and enjoy GDPR compliance! View GDPR as an opportunity to improve your security posture, provide better service to customers and strengthen your relationships with your business partners.

 Mark McClain, CEO, SailPoint
