With the EU General Data Protect Regulation (GDPR) in its final stages, slated now for a 2018 implementation, organizations have the opportunity to get ahead of the requirements, and become more secure in the process. The ICO, recognizing the upcoming GDPR and additionally the EU Data Protection Directive (NIS Directive), has put together a “data dozen” set of reforms that organizations can implement:
A study by Code 42 recently suggested that 18% of organizations are waiting for the GDPR to be finalized before implementing any changes to their data protection and security posture, which is a dangerous position to take. While organizations play the “wait and see” game waiting for regulations to force preparedness, the threat landscape continues to shift, with new technologies, employee behaviours and attacks introducing even greater risks to organizations.
We can understand that organizations do not want to waste time or resources on implementing costly data protections, without greater insight. Regulations often lack specific technical requirements because each organization faces a unique risk assessment. What will be required, as noted in the ICO list, is that you have firm documentation proving you understand what data you have and that you have a way to know if that data is breached. At Absolute, we help provide that visibility into the endpoint, where a growing proportion of data now lives, with automated alerts if data may be at risk and remote capabilities to lock down or delete device, all documented to help prove compliance.
The time is now to make data security a priority. With the EU GDPR and the new NIS Directive looming, organizations in the UK can get the head start on data security before it’s required. Why? Because avoiding unnecessary and costly data breaches is just a good idea. Knowing what may be required is helpful in directing your efforts as a baseline standard, so we encourage you to take steps to Compliance Sea Change: How to Best Comply with the New EU Data Protection Regime.
From proactive monitoring and reporting, to detection and response procedures, deploying a layered approach to security that extends beyond “good enough” protection is the most effective strategy to keep sensitive information private and ultimately avoid legal and financial recourse. Learn more about how Absolute can provide the adaptive endpoint security your organization needs to always stay in control of devices and the data they contain.