Symantec Corp., the world’s leading cyber security company, today announced resources and expertise available to companies still working towards complying with the General Data Protection Rule (GDPR), which went into effect on May 25.
Recent research from technology analyst firm IDC found that, despite the urgency created by the GDPR deadline, 71 percent of organizations believe that a lack of knowledge about the regulations are limiting their compliance. Additionally, 69 percent are not confident they even know where their personal data is located. With the law now in effect, those numbers are a stark reminder that every firm needs to focus its resources and attention on compliance or risk the ramifications.
“GDPR is the single largest compliance-driven transformation we’ve ever seen, and in the short time since it has gone into effect, major complaints have been filed against social media and internet companies, with claims totaling in the billions of dollars,” said Greg Clark, chief executive officer at Symantec. “The challenges of the cloud generation magnify the difficulties that organizations face as they work to navigate these waters. That is why we are committed to helping our customers with compliance and reducing the significant risk associated with being a custodian of consumer data.”
Symantec recommends all organizations that have yet to fully comply with GDPR immediately take the following procedural steps:
Bring business and IT leaders together and ensure everyone understands the challenges with GDPR and why they need to make it a top priority. The most senior leadership within every affected organization must understand the unprecedented ramifications organizations may face for lack of compliance.
Take a full assessment of all data held by the company – files, logs, metadata and beyond, beginning with the most critical data. This is where many organizations need the most work – the standards can’t be met without a complete understanding of what data a company holds and where it is held.
Once a complete inventory of all data is taken, develop a data protection strategy which will proactively protect key data assets regardless of their location, a response plan in the event of an incident and a set of processes for ensuring continuous compliance.
It is further critical that organizations fully understand the range of technological resources that can help them demonstrate their efforts to maintain compliance. Symantec is focused on helping organizations achieve GDPR compliance excellence and offers a number of technology solutions which help organizations maintain key areas of GDPR compliance such as:
Control Compliance Suite offers a GDPR Compliance Readiness Assessment that enables organizations to identify and target broad areas of risk so that they can prioritize their compliance efforts on those key risk areas.
DLP and the DLP Risk Assessment allows organizations to quickly identify risks within data stores across the enterprise, enabling the ability to place controls around this data and preventing personal data from being compromised.
CASB can help organizations gain visibility into the enormous cloud data risk, and through integration with Symantec DLP, the organization can extend data protection efforts seamlessly across both the cloud and on-premise resources.
Information Centric Encryption makes it possible to encrypt devices and files containing personal data to provide state-of-the-art data protection and mitigate the risk of data loss.
Security Analytics, Advanced Threat Protection, and Endpoint Detection and Response (EDR) help to rapidly detect data breach incidents and assist in remediation, while also providing valuable contextual information on the breach that’s needed for a thorough notification to authorities and individuals.
Managed Security Services and Incident Response Services help organizations deliver core expertise where they might otherwise lack robust data breach detection and response capabilities.