{"id":1569,"date":"2018-06-13T01:00:00","date_gmt":"2018-06-13T01:00:00","guid":{"rendered":"http:\/\/inswwdev.azurewebsites.net\/au\/insights\/uncategorized\/gdpr-is-live-and-dangerous\/"},"modified":"2018-06-13T01:00:00","modified_gmt":"2018-06-13T01:00:00","slug":"gdpr-is-live-and-dangerous","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/secure-workplace\/gdpr-is-live-and-dangerous\/","title":{"rendered":"GDPR is Live and Dangerous :-)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"width: 663px; height: 663px;\" src=\"https:\/\/www.insentragroup.com\/wp-content\/uploads\/sites\/21\/2021\/02\/gdpr_is_real.jpg\" alt=\"\" data-udi=\"umb:\/\/media\/8e04563cf3a84be5a6aaa4d51bd9b68c\" \/><\/p>\n<p style=\"text-align: justify;\">Prior to GDPR \u2013 the legislation protecting personally identifiable information and the active prevention of data exfiltration was weak and seen as a toothless tiger \u2013 the view was \u2018if I do not have to tell anybody or there is no real legislation or authority policing such incidents, then what\u2019s the worst that can happen?\u2019 (See<span>\u00a0<\/span><strong>The Stick<\/strong><span>\u00a0<\/span>below.) Sadly the reality is far from this \u2013 GDPR has teeth and is VERY live and dangerous.<\/p>\n<p style=\"text-align: justify;\"><strong>What is GDPR? 
You would be surprised at the number of people that know \u201cof\u201d GDPR, but not what it really means!<\/strong><span>\u00a0<\/span>\u2013 for those that don\u2019t know, these resources might be useful:<\/p>\n<p style=\"text-align: justify;\"><a rel=\"noopener nofollow\" href=\"http:\/\/www.dummies.com\/education\/politics-government\/general-data-protections-regulation-gdpr\/\" target=\"_blank\">http:\/\/www.dummies.com\/education\/politics-government\/general-data-protections-regulation-gdpr\/<\/a><\/p>\n<p style=\"text-align: justify;\"><a rel=\"noopener nofollow\" href=\"https:\/\/medium.com\/@edagoodman\/a-beginners-guide-to-general-data-protection-regulation-gdpr-9d7e847042f2\" target=\"_blank\">https:\/\/medium.com\/@edagoodman\/a-beginners-guide-to-general-data-protection-regulation-gdpr-9d7e847042f2<\/a><\/p>\n<p style=\"text-align: justify;\">OK, so let\u2019s get the official bit out of the way \u2013 The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95\/46\/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens\u2019 data privacy, and to reshape the way organisations across the region approach data privacy.<\/p>\n<p style=\"text-align: justify;\"><span><strong>What does GDPR really mean?<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\"><span>Protection of personal data. What constitutes personal data?<\/span><\/p>\n<p style=\"text-align: justify;\">GDPR applies to \u2018personal data\u2019, meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. 
This definition allows a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, and reflects changes in technology and the way organisations collect information about people.<\/p>\n<p style=\"text-align: justify;\"><span><strong>The Stick \u2013 It hurts \u2013 So what if I do not care or take measures?<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\">Organisations can be fined up to 4% of annual global turnover or \u20ac20 Million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (article 28), for not notifying the supervising authority and data subject about a breach, or for not conducting an impact assessment.<\/p>\n<p style=\"text-align: justify;\"><span><strong>Who has been hit?<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\">You may think it\u2019s too soon for action to be taken\u2026 Check out what happened to Hilton Domestic Operating Company Inc (a.k.a. Hilton). GDPR is live and dangerous.<\/p>\n<p style=\"text-align: justify;\"><a rel=\"noopener nofollow\" href=\"https:\/\/digitalguardian.com\/blog\/hilton-was-fined-700k-data-breach-under-gdpr-it-would-be-420m\" target=\"_blank\">https:\/\/digitalguardian.com\/blog\/hilton-was-fined-700k-data-breach-under-gdpr-it-would-be-420m<\/a><\/p>\n<p style=\"text-align: justify;\"><span><strong>Have I been GDPR\u2019d and How would I know?<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\">Simply put \u2013 if you have no way of knowing or understanding the data that you keep (structured or otherwise) then you are at risk \u2013 you simply cannot manage and ensure governance around what you cannot see. 
In almost every organisation, visibility of the information stored and its data types is the most difficult issue to overcome, and as such it often gets put in the \u201ctoo hard\u201d or \u201cwe will get to it sometime\u201d bucket.<\/p>\n<p style=\"text-align: justify;\"><span><strong>Visibility is Key<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\">Before deciding whether you have or will be GDPR\u2019d, you need what few have achieved \u2013 the ability to see in the dark. By that I mean: unless you know with certainty what information is created, shared, and stored, you really have no way of knowing how prepared you are.<\/p>\n<p>The legislation states that you must prove that you have taken \u2018reasonable\u2019 measures to protect information covered by GDPR and that you can disclose the information you hold. This can only be achieved if you have continuous visibility into the data you can see, and into that which resides in the dark (storage, copies, remote locations, or worst case, unsanctioned cloud services).\u00a0 Remember always that non-compliance could mean fines up to<span>\u00a0<\/span><em>4% of annual global turnover<\/em><span>\u00a0<\/span>or<span>\u00a0<\/span><em>\u20ac20 Million.\u00a0<span>\u00a0<\/span><\/em>You absolutely need to start with visibility \u2013 only once you can see everything can you begin to take measured action.<\/p>\n<p style=\"text-align: justify;\"><span><strong>Recommended Steps<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\">Becoming GDPR safe is not a simple task, so we are only recommending one area to look into \u2013 the one where you are largely in the dark \u2013 Shadow IT (use of IT which is not supported or approved by the central IT department \u2013 think someone firing up an instance of AWS on their credit card or leveraging DropBox to share files).<\/p>\n<p style=\"text-align: justify;\">Start with assessment tools to look at the level of Shadow IT in your organisation and consider the implications of 
the corresponding Shadow Data. All too often, people within an organisation share information innocently with each other, or into a cloud service for ease of access. Once the information leaves the corporate perimeter, you lose control and are exposed to unknown risks.<\/p>\n<p style=\"text-align: justify;\">A Shadow IT Assessment is the first step in visibility and will quickly help to uncover and understand where immediate risks can be mitigated. Once that is under control, you have taken the first step.<\/p>\n<p style=\"text-align: justify;\">Next, you need to look within the perimeter and understand what is being created, stored and shared \u2013 the perfect use case for establishing a Data Loss Prevention policy. \u00a0Again, start with an assessment. By undertaking a Data Loss Prevention Pilot, you will be able to scan internal file systems and storage areas to gain an understanding of the data residing there, so that you can then enforce policies that apply classifications and controls. This is a very high-level view of course, but the point is, you cannot secure what you cannot manage, and you cannot manage what you cannot see. 
Visibility is everything, and speed is nothing without control.<\/p>\n<p style=\"text-align: justify;\">It is now fair to say that the legislation tiger around the management of personal information has very big teeth. GDPR is live and dangerous \u2013 but you don\u2019t have to be afraid, you just need to open your eyes and take measured action.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Prior to GDPR \u2013 the legislation protecting personally identifiable information and the active prevention of data exfiltration was weak and seen as a toothless tiger \u2013 the view was \u2018if I do not have to tell anybody or there is no real legislation or authority policing such incidents, then what\u2019s the worst that can happen?\u2019&hellip; <a class=\"more-link\" href=\"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/secure-workplace\/gdpr-is-live-and-dangerous\/\">Continue reading <span class=\"screen-reader-text\">GDPR is Live and Dangerous \ud83d\ude42<\/span><\/a><\/p>\n","protected":false},"author":55,"featured_media":1570,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[20],"tags":[],"class_list":["post-1569","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/1569","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/comments?post=1569"}],"version-history":[{"count":0,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/1569\/re
visions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media\/1570"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media?parent=1569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/categories?post=1569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/tags?post=1569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}