Are you prepared for GDPR Enforcement?

A Dell survey focusing on GDPR readiness reported that “more than 80 percent of global respondents know few details or nothing about GDPR.” Conventus Solutions Architect, Kevin Saucier, sheds light on how NorthStar can assist with GDPR compliance.

With the looming deadline of May 25^th 2018 for the General Data Protection Regulation, or as it is more commonly known as, GDPR, enforcement, many customers are asking us how to approach this change in requirements for businesses serving European Union customers.  GDPR has the following key requirements for data security:

• Data Protection by design and default
• Security of processing: Implement appropriate security controls and policies to protect consumer data
• Data breach notification: 72 hours from discovery to notify the proper authorities
• Organizations must perform a Data Protection Impact Assessment for any new processes or system to ensure that the risk to consumer information is documented and understood.
• Organizations must designate a Data Protection Officer whose primary responsibility is to be knowledgeable about both Compliance and IT Security specifically for the protection of private data
• Data Transfers only allowed to 3^rd parties that are compliant with GDPR.

As organizations work to implement the necessary changes to their business to be GDPR complaint, many discover a critical need for accurate asset, exposure, and privilege data.  Organizations traditionally have struggled with the aggregation of security information because of issues with both the volume and quality of the data being generated from their IT and infrastructure tools.  Many organizations have turned to NorthStar’s vendor agnostic data collection and normalization platform as the solution.  NorthStar provides many benefits to organizations looking or required to be GDPR compliant in the next calendar year.

NorthStar provides comprehensive visibility critical to achieving GDPR compliance

Data Protection Impact Assessments – DPIAs are an important part of the GDPR mandate.  New changes to business systems and processes will need to have a DPIA performed to ensure that adequate security is applied to the resultant solution.  While GDPR does not stipulate that organizations apply this level analysis on existing systems and processes, NorthStar can provide a visualization platform for understanding the current state of existing systems and processes. This allows an organization the ability to perform DPIAs on future projects as well as current systems and processes. This allows for leadership to proactively assess current and future systems and bring them into GDPR compliance faster.

Data Protection Officers – GDPR stipulates that compliance seeing organizations have until May 25, 2018 to hire a designated DPO.  The role of the DO is act as a “mini-regulator” and is responsible for the policies and processes that affect data protection.  For this role, many organizations are going to need new tools that will enable the DPO to independently gather critical information about the organization to verify appropriate security controls are in place on key systems and processes. NorthStar’s ability to aggregate and normalize raw data and consistently apply business logic to the resultant information enables DPOs to automate the collection of IT security information and create simple and effective reporting for security controls and user entitlements.

Data Transparency – The adoption of GDPR represents a strong push towards data transparency for the consumer.  Under the requirements of GDPR, a consumer has the right to request from an organization information how their personal data is going to be used, stored, and removed.  With that change, the organization is now responsible for a much higher level of data and process transparency.  NorthStar does provide accurate and normalized data about the assets, exposures, and privileges in an organization and every piece of data can be traced back to its system and format of origin.  The ability to see where and how data originates from is critical to engendering trust and confidence in the compliance declarations of an organization.

For our customers working towards GDPR compliance, NorthStar represents a key piece of the puzzle as they merge these new requirements with their existing business and regulatory needs.