It’s now less than a month to go before the EU General Data Protection Regulation goes live on the 25th of May 2018, and many of us are still busy preparing processes, procedures and technical security controls to ensure compliance with the new regulation.
In this NNIT Security Insights article, we take a quick look at some of the security controls that will help organizations comply with the EU GDPR.
A security control is a safeguard implemented to minimize security risks to, for example, electronic information stored in a system. For the EU GDPR, the following four security controls should be considered:
Data Protection: Ensures that data is protected against loss of Confidentiality, loss of Integrity or loss of Availability. This control covers a number of areas, such as access control, encryption, data backup, and system availability.
Access Control: Ensures that only authorized persons with a business need are able to access personal data.
Data Retention: Ensures that data is retained for as long as there is a legal basis for retaining it, and no longer.
Logging & Monitoring: Ensures that access to data is logged and monitored, which assists in demonstrating compliance and also assists in investigating a data breach, should one occur.
A good place to start is to carry out an assessment of your existing security controls for each of the controls listed above, which will enable any gaps to be identified. Once the gaps have been identified, a roadmap of the activities needed to close them can be developed and implemented.
Do you have anything to add? Do you think anything is missing? Please let me know and share your comments!
John Clayton is an IT Management Consultant and Cybersecurity Specialist with more than 20 years’ experience in IT and Management Consulting, and with roles bridging Business and IT.
NNIT Security Insights is a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.
NNIT has its own Cyber Defense Center. If lightning strikes, we have the necessary competencies in-house to respond and assist. We have also developed a range of services that can help businesses to achieve the right level of security protection to protect the business from financial and reputational damage.
You are welcome to contact us at firstname.lastname@example.org if you want to know more about how NNIT can help your business increase its information security level.