Compliance-Ready: GDPR Requirements

By: Absolute Editorial Team | 5/25/2017

Businesses that handle the personal data of European Union residents must comply with the General Data Protection Regulation (GDPR) starting in May 2018. Will your business be ready? We can help: Here's a recap of our recent webinar on the topic...

The time to prepare is now

Now is the time to get ready for the stringent GDPR requirements that will take effect a year from no -- especially since the cost of noncompliance is set at an astronomical 4 percent of global annual revenues. Our webinar this week was focused on helping enterprises understand GDPR compliance from the perspective of global business and what to do to ensure compliance, protect customer data, and protect your brand.

At least 52% of US companies hold data on EU data subjects and will be subject to the GDPR.

The GDPR requirements drive home new, strict rules for data regulation that mean many organizations will need to boost current data protection measures, or face strict enforcement actions.  Jonathan Armstrong, a partner at Cordery Compliance, outlines the broader landscape of data security for global businesses operating in the EU and in the UK in the webinar.As Jonathan outlines, U.S. organizations should all assume they have data for EU residents because it is too difficult to rule out that they don't.

As Jonathan outlines, U.S. organizations should all assume they have data for EU residents because it is too difficult to rule out that they don't.The webinar also helps businesses understand:

  • Whether GDPR applies to your organization
  • The aims, benefits, and consequences of GDPR requirements
  • A 12-month action plan for compliance before GDPR goes into effect. Priorities include:
    • A breach response plan
    • Proper technology: Encryption is not enough
    • Review vendor contracts; make sure they know about GDPR and can comply
    • Put a Data Protection Impact Assessment (DPIA) process in place
    • Get documents and records ready to prepare for a regulatory inspection
    • Review policies and procedures around consent and right to be forgotten requirements
    • Train employees on all aspects of the law
    • Set up a regular schedule for compliance audits
    • Find or train a Data Protection Officer and a Data Protection Representative (as required)

Absolute & GDPR: How we can help

In the webinar, Nima Baiati, senior director, product management for Absolute described the typical challenges customers face in improving data security and compliance over the endpoint.

50% of attacks happen at the application level. Do you have the ability to detect and remediate these incidents?

Endpoint visibility includes knowing where your devices are, what percentage of data on the endpoint is business-critical, where attacks are likely to happen, and how to plug those risks. Nima also shared how Absolute can help organizations with GDPR compliance requirements - here's a recap:

  • Ensure business-critical applications have an appropriate level of resiliency to ensure they self-heal if compromised
  • Ensure availability and attestation of encryption applications
  • Provide data to demonstrate overall health and risk posture
  • Offer zero-touch remediation in the event of failure, attack or human error

Find out more...

For more information on GDPR, check out the Cordery GDPR Navigator, which gives you access to checklists, policies, video briefings, and written guides. We'll also be posting more resources on the blog as available.

And, check out this post from Forrester's Chris Sherman: Forrester created a data privacy heat map that highlights the data protection guidelines and practices for 54 different countries. It's timely information that will help security and risk professionals navigate complex worldwide privacy laws.


The information in this blog post is provided for informational purposes only. The materials are general in nature; they are not offered as advice on a particular matter and should not be relied on as such. Use of this post does not constitute a legal contract or consulting relationship between Absolute and any person or entity.  Although every reasonable effort is made to present current and accurate information, Absolute makes no guarantees of any kind. Absolute reserves the right to change the content of this post at any time without prior notice.  Absolute is not responsible for any third party material that can be accessed through this post. The materials contained in this blog post are the copyrighted property of Absolute unless a separate copyright notice is placed on the material.

Financial Services