The EU’s General Data Protection Regulation (GDPR) came into effect in May 2018. To avoid potential fines of tens of millions of Euros, companies must move quickly to understand the GDPR legislation and put appropriate measures in place. Northdoor can help, providing step-by-step reviews of your existing systems and practices, recommendations for future approaches, and an integrated set of proven tools for gaining and maintaining control over all relevant data throughout your organisation.
The GDPR regulation defines personal data as any information relating to an identified or identifiable natural person – this broad definition means that organisations must carefully review and classify all of the data they hold. Among the provisions in the GDPR are:
If your business offers goods or services within the EU, or otherwise monitors the behaviour of individuals who are EU citizens (for example, by using online cookies), you will need to achieve and maintain compliance with the GDPR legislation. It should be noted that the law will apply regardless of Brexit negotiations, and that it represents a significant change to the existing DPA legislation in both implementation and interpretation.
In the most simplistic terms, the key implication of GDPR is that your business must fully understand what personal data it holds, where this data is stored and who has access to it, throughout the full information lifecycle. Beyond this, you will need to create new organisation-wide data-protection policies, set up rigorous governance schemes, maintain auditable records, design and perform annual data protection impact assessments, and ensure that your business partners are also in compliance with GDPR. Last but not least, you must gain the ability to rapidly detect and report on data breaches, and to find, modify or remove personal data on request and within prescribed time limits.
The stakes are high, the deadlines are short, and in most organisations the size and diversity of existing data stores makes the challenge a daunting one. The good news is that Northdoor’s Protect IT security practice has an established set of reviews and recommendations to help you achieve and maintain compliance. Our focus is on delivering the best toolsets to help you reliably discover, classify, protect and govern data over time, regardless of where or how it is stored across your local or cloud infrastructure. Crucially, our approach is built on automation, integration and continuous monitoring, so GDPR compliance can be accomplished smoothly, rapidly, auditably and without the need to employ armies of administrators.
Source: 2015 Cost of Data Breach Study: United Kingdom, IBM and Ponemon Institute
Continuous monitoring and prevention of threats, both from targeted external attacks and accidental or deliberate internal breaches. We help you maintain your security posture and prevent escalation.
Automatically discover, classify and protect both structured and unstructured data across all systems. We help you create best-practice approaches to implementing encryption, data masking and data redaction.
Support your increasingly mobile workforce, blending user convenience with secure access controls. We help you ensure protection for corporate data on BYOD devices, detecting threats and automating compliance.
Northdoor’s Protect IT security practice helps businesses in insurance, banking and other highly regulated industries to select and deploy the right tools to improve their security posture and protect sensitive data. For GDPR, we can help you design and deploy a highly automated compliance solution to discover, classify, protect and govern personal data. Our proven deployment methodologies and enterprise-class support services provide high-quality security frameworks that can keep pace with evolving legislation.
After defining your organisation’s interpretation of what is personal data, the next step in addressing the challenges of GDPR is to run a full discovery exercise to find all such data across all systems. This will potentially include: production, test and development databases; corporate documents stored on SharePoint, on corporate file servers, on departmental NAS drives, on user desktops or in the cloud; emails, instant messages and wikis; expired or dormant data in archives and backups.
Northdoor offers software tools that enable you to discover, analyse and classify data in a highly automated way, and to establish clear data lineages. We can then help you to identify paths to and from the data, both inside and outside of the organisation, to review all security measures around data and run detailed risk assessments. Our software solutions also enable you to: monitor and audit data access and permission changes; create automated alerts when rules are breached; increase security through machine learning and user behaviour analytics; establish and manage data retention and destruction policies; lock down both sensitive and obsolete data; mask and anonymise data; and establish intelligent internal and internal and external network defences, incident-response policies and security restrictions.
With software solutions and GDPR consultancy services from Northdoor, you can more easily understand, protect and govern all personal data, reliably record proof of consent to store and process that data, move quickly to correct, migrate or erase the data at the customer’s request, and automatically notify the relevant parties in the event of a breach.
The benefits of working with Northdoor for GDPR go beyond security, risk management and compliance: by finding the data that really matters and deleting redundant, obsolete and trivial data, you can save significant amounts on storage and backup costs.
Northdoor can also help you to rationalise your IT infrastructure and database architecture, simplifying future compliance efforts, improving operational performance and reducing costs.
To find out how Northdoor can help you achieve GDPR compliance faster and more effectively, please contact us for an informal assessment. We’ll review your existing approaches to data protection and security, and provide a clear checklist of recommended next actions, helping you get started quickly.