When it comes to the General Data Protection Regulation (GDPR) and its implications for data security, there is a lot to consider. Significant emphasis has been placed on the penalties for non-compliance and the new rules companies must follow in the event of a data breach. While this is understandable, at its heart the GDPR is about understanding your data and designing your approach to security around it. In this sense, the GDPR presents an opportunity for forward-thinking chief security officers and their teams.
The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, and organizations large and small are currently preparing for the new directive. As an evolution of the current data protection legal framework, the GDPR will also apply with extraterritorial effect to organizations based outside the EU that offer goods and services to, or monitor individuals in, the EU.
Organizations established in the EU and processing personal data of EU-based individuals will, in almost all cases, be required to comply with the General Data Protection Regulation (GDPR) by May 25, 2018. In addition, the GDPR will now apply to organizations based outside the EU that offer goods and services to, or monitor the behavior of, EU-based individuals. If your organization falls into these categories, one of the essential first steps in your journey to compliance is understanding your data.