GDPR: Five steps to compliance with one day to go

By Mark McClain
Over the past few months, we’ve seen organisations rush to figure out their positioning when it comes to compliance. Now, the day is finally here, so how can organisations ensure they meet the requirements of GDPR?

The problem is nobody knows what sensitive information has been pulled out of various applications and databases over the years. As a result there are a lot of unknowns about the impact of trying to control and manage data stored in files and folders. Consequently, there will now be a sudden urgency to address privacy issues around information that is currently outside of IT's purview, because it is stored in files and folders. To combat this, the first order of business has to be discovery and visibility, before putting the appropriate access controls in place.

To achieve the full visibility needed to comply with GDPR, organisations should focus on a few key identity governance priorities: locating personally identifiable information, understanding who has access to it and implementing and maintaining proper access controls for that data. Adhering to the following five-step method will not only help organisations identify unstructured insights, but will also put them in a position of power to protect GDPR-regulated data stored in both structured and unstructured systems, ensuring they meet the requirements of GDPR.

  1. Know where your ‘data landmines’ are buried. The problem is that nobody knows what sensitive information has been pulled out of various applications and databases over the years, so there are a lot of unknowns about the impact of trying to control and manage data stored in files and folders. To combat this, the first order of business has to be discovery and visibility, before putting the appropriate access controls in place.
     
  2. Identify your weakest links: user identities waiting to be compromised. To achieve the full visibility needed to comply with GDPR, organisations should focus on a few key identity governance priorities: locating personally identifiable information, understanding who has access to it and implementing and maintaining proper access controls for that data. The best place to start is by conducting a thorough risk analysis and mapping of data and owners across the entire enterprise.
     
  3. Strengthen access controls to critical applications and databases. Once data and owners are mapped, organisations need to strengthen the controls that determine who has access to specific data - then organisations can take steps to secure it according to best practices. After all of these efforts, organisations must implement ongoing activity monitoring to improve risk mitigation and understand appropriate use.
     
  4. Sharpen your security strategy: think like a hacker. One certain way to meet these stringent GDPR requirements is by placing identity at the centre of security strategies. With the power of identity, businesses will have full visibility into who has access to what data, and insight into how that access is being leveraged, giving them the means to not only meet GDPR compliance and other regulatory requirements, but also to realise an overall improved security posture.
     
  5. Sit back and enjoy GDPR compliance! View GDPR as an opportunity to improve your security posture, provide better service to customers and strengthen your relationships with your business partners.

 Mark McClain, CEO, SailPoint
