In May of 2018, the EU will begin enforcing its General Data Protection Regulation (GDPR) to ensure the security and privacy of member states’ citizens’ data. As virtually all organizations collecting or handling the personal data of EU citizens will be affected by the regulation, they must begin taking actions to reach compliance. Failure to do so can lead to heavy financial and reputational penalties.
Bitglass recently released a report detailing how its cloud access security broker (CASB) can help meet various requirements under GDPR. A high-level overview of three of these requirements can be found below.
Right to Erasure:
Data subjects have a right to erasure whereby they can request that an organization delete their information. Subjects can invoke this right at any time, even if it is simply because they wish to withdraw their consent. As such, organizations must be able to delete data quickly and completely. Because Bitglass’ CASB uses API integration across major cloud apps and even custom apps, it can delete data from the cloud and make it inaccessible from devices.
Privacy by Design and Data Protection:
Under GDPR, organizations must demonstrate that their processes (technological and otherwise) are constructed in a way that protects data and data subject privacy. This can encompass a number of requirements such as protecting against unauthorized data access and malware. With contextual access controls and Advanced Threat Protection (ATP) powered by Cylance, Bitglass can prevent unauthorized data access and the spread of malware, respectively.
Data Residency and International Data Transfers:
Where data is physically located is an important consideration under GDPR. As relatively few countries are deemed “safe,” great emphasis is placed on maintaining visibility and control over data to prevent it from being exposed in unsafe conditions abroad. Fortunately, there are tools that help ensure data residency while also allowing flexibility with regard to where data is accessed, processed, and stored. For example, with Bitglass, organizations can encrypt data in the cloud and hold their encryption keys locally in order to meet the requirement.
Organizations should begin acting now to reach compliance by May 2018. Adopting a security solution that rapidly provides a breadth of GDPR coverage is a must. For additional information on GDPR requirements and how Bitglass can help organizations reach compliance, download the full report below.