The General Data Protection Regulation (GDPR) is an extension of past privacy laws, but it is much stronger, carries much tougher consequences, and is much clearer and more explicit about what needs to be done to protect data. The following steps lead to GDPR compliance:
- Know Your Cloud Footprint
The first step to compliance with GDPR is to know your cloud footprint. This sounds obvious, but the cloud is ubiquitous and many organizations have only a fuzzy view of how the cloud is actually being used within their organization. It is very important to understand which clouds are being used and where the data from those clouds is going. It is no longer safe to assume there are policies already in place around your network, as the security of the data is your responsibility, not the cloud provider's. You can leverage a cloud discovery tool from a CASB platform to learn all the clouds that are being used by your organization. CipherCloud CASB will help you accomplish just that.
- Understand Your Sensitive Data
Understand the nature of the sensitive data and private information. Securing structured and unstructured data is a requirement for compliance with the GDPR, but it can be a challenge. Structured data, such as credit card numbers or phone numbers, can span millions of database records and, in turn, become difficult to protect. Securing unstructured data, such as files, notes, or attachments, can also be convoluted, as we often handle this type of data more casually.
- Understand Data Sovereignty and Data Residency
It is important to understand data sovereignty and data residency requirements that may be specific to a region. Every country has its own regulations, with some being stricter than others. Organizations must understand the specific data residency requirements and define an action plan toward GDPR compliance.
- Apply Data Protection Policies
Apply these data protection policies to your organization. How does your organization encrypt or tokenize data? What methods are in place to protect information on mobile devices? There are numerous questions you must ask to understand what data you want to protect and how you are going to do so. The CipherCloud data security module will help you protect the aforementioned structured and unstructured data with encryption and tokenization options. Tokenization in particular will help address the data residency and sovereignty aspects of the GDPR.
- Ensure Ongoing Compliance
Identify the users who will be accessing your secured data and enforce access controls. The CipherCloud access control module lets you create granular policies across all users and enforce them. Ensuring compliance is an ongoing process for your organization.
If you have more questions, check out the webinar on the 1-year plan for GDPR compliance.