GDPR Enforcement is Right Around the Corner — Is Your Organization Prepared?
The impending enforcement of the General Data Protection Regulation (GDPR) on May 25, 2018 has many organizations scrambling to ensure compliance before the clock runs out. Since cybersecurity will be a key component of compliance readiness, CrowdStrike® is offering a 30-minute webcast, “Understanding the GDPR and How it Will Impact Your Organization,” that includes an overview of the GDPR and tips on making sure your organization meets the new European Union (EU) cybersecurity requirements.
Higher awareness within the EU led many affected organizations there to begin preparing for GDPR enforcement months ago, but organizations outside the EU may have been slower to react. Organizations that are only now turning their attention to the issue should first verify whether they are actually subject to the new regulation. One misconception is that organizations without an office in Europe need not worry. However, if your company sells goods or services to European citizens, you likely process personal data from the EU and so may be subject to the GDPR. Given today’s global economy, this could include hundreds of thousands of organizations worldwide. Penalties for violating the new data protection rules can be harsh, with fines as high as €20 million (US$24.6 million) or four percent of revenue, whichever is greater.
The GDPR is organized around the rights of individuals and the obligations that organizations must fulfill to protect their personal data. Organizations should note that the GDPR’s requirement to protect personal data makes cybersecurity a critical component of compliance. The following are the cybersecurity components of the regulation that organizations should be aware of when assessing whether their current security program supports compliance:
- The GDPR prescribes the principles governing the processing of personal data: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.
- The GDPR requires that organizations consider the “state of the art” to safeguard personal data through appropriate security measures.
- The regulation mandates that organizations (so-called “data controllers”) report breaches of personal data within 72 hours and notify individuals without delay when a breach is likely to result in a high risk to their rights and freedoms under the GDPR.
How CrowdStrike Can Help With GDPR Compliance
The CrowdStrike Falcon® platform protects data against both internal and external threats to stop attacks long before they become reportable breaches. In addition, as a cloud-native platform, Falcon can be implemented and fully operational within days rather than weeks or months, with virtually zero impact on your infrastructure. This helps your organization meet key parts of GDPR compliance quickly. CrowdStrike Services provides proactive services that can assist you with tasks such as accurately assessing your organization’s security posture, assessing the impact of a breach and meeting GDPR reporting requirements.
Depending on your organization’s needs, CrowdStrike can help you prepare for GDPR compliance by answering the following questions:
- Readiness: How well is your data being protected and how efficiently can you respond to a breach?
- Prevention and Detection: How can you prevent breaches from happening in the first place?
- Response: How will you determine the appropriate response and be able to respond in a timely manner?
Register for the webcast: “Understanding the GDPR and How it Will Impact Your Organization”
Download the white paper: “The General Data Protection Regulation (GDPR) and Cybersecurity”