You’ve probably heard by now about GDPR, the General Data Protection Regulation, passed by the EU and set to go into effect in May 2018. At its core, the regulation is intended to protect private parties’ data and give citizens increased control over how their data is collected, used and stored. It’s important to recognize that the regulation does not apply only to businesses in EU member states, but to any organization that processes the personal data of EU citizens.
The regulation sets harsher financial penalties and additional requirements for handling breaches. The maximum fines could be 4% of the organization’s global annual turnover, or €20M, whichever is greater. Additionally, GDPR requires that data controllers report security incidents where personal data is compromised within 72 hours. Given the strict fines and significant breach disclosure requirement, it’s no surprise that 35% of US companies don’t think they’ll be prepared by the deadline.
However, for organizations following security best practices and frameworks like PCI DSS, NIST 800-53, FFIEC and others, and who have taken the proper steps to implement a proactive security program, meeting the new requirements need not be burdensome. At Cygilant we recommend that organizations implement proactive security that includes 24x7 security monitoring, vulnerability management and patch management. Our security services combine the people, process and technology necessary to achieve enterprise-class security at an affordable cost. Cygilant’s SOCVue is a Security Operations and Analytics Platform that combines a cutting-edge big data machine learning technology suite with best-in-class Global Security Operations Centers (GSOC) and security best practices for effective 24x7 cyber security programs.
Need help building a mature cybersecurity program? Find out the steps to take in our on-demand webcast: