Security Dealer & Integrator

JUL 2018

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link: https://sdi.epubxp.com/i/1005317


10 Security Dealer & Integrator / www.SecurityInfoWatch.com July 2018
Read the full article: www.SecurityInfoWatch.com/12413910

SECURITY WATCH
Top Story
BY STEVE DURBIN

It's Official: GDPR Has Arrived
Companies scramble to meet new compliance requirements

The General Data Protection Regulation (GDPR) officially went into effect on May 25, and it will certainly have an international reach – affecting any organization that handles the personal data of European Union (EU) residents, regardless of where it is processed.

GDPR adds another layer of complexity, not to mention potential cost and associated resources, to the issue of critical information asset management for many organizations. GDPR forces organizations worldwide to comply with its requirements, including U.S.-based organizations. If an organization is found to be overstepping GDPR requirements, supervisory authorities have a variety of corrective actions, including the ability to issue warnings and reprimands to controllers or processors; but also include far more substantial powers, which can compel an organization to process data in certain manners, or cease processing altogether, as well as force an organization to communicate data breaches to the affected data subjects.

U.S. Business Implications

Because of the Equifax breach, as well as a seemingly continuous string of customer data breaches (at retail and restaurant brands, healthcare and financial services), and the Facebook-Cambridge Analytica scandal, America is getting a crash course in the security and privacy weaknesses of online services, apps and networked systems.

It may not happen immediately, but chances are that further regulation and more intense oversight will be developed in response to these incidents, which have damaged public trust and corporate integrity. Organizations that rely on personal data – and individual users' consent and trust – have an opportunity to go above and beyond GDPR in order to assuage customers and partners. Apple, for example, announced it will offer GDPR protections to all customers – not just EU data subjects specifically protected under the law. These protections – including a new privacy policy, easier access to important privacy settings, access to personal data stores, and ability to permanently delete accounts – will be rolled out to every Apple customer worldwide in the coming months.

Last-Minute Scramble

As is always the case with major regulatory change, companies that did not start preparations early enough found the necessary protections were broader in scope or more complex than initially assessed, or only recently realized their business operations fell under GDPR's purview. For U.S. companies that might still be enacting action plans, there are some clear directives:

1. Review of existing data privacy policies, processes and plans. Companies should consult legal advisors, figure out which internal security and data experts to work with, and work to get C-suite backing to make preparations a priority. All products and services should be reviewed for data privacy hot spots.

2. Assess the extended ecosystem. Third parties, vendors and partners should be evaluated for GDPR compliance – this includes cloud service providers. Confining GDPR activities to the public-facing corporate website and other obvious customer interfaces will signal to regulators that an organization is under-prepared.

3. Document all activities. Especially for third-party assessments, be sure your client has strategic workflows and procedures to ensure efficiency and accountability.

Beyond Compliance

Many companies are looking at this as a chance to go beyond compliance by extending the breadth of GDPR compliance to leverage additional benefits, such as:

• Creating broader information governance programs;
• Embedding information security into business applications and technical infrastructure; and
• Improving data protection and privacy practices. ■

Steve Durbin is managing director of the Information Security Forum (ISF).

Why GDPR Matters in America: Read more about its impact on security integrators at www.securityinfowatch.com/12410462
