EU GDPR Compliance

With limited runway to comply by the May 25, 2018 deadline, and steep fines of up to 20 million Euros or 4% of total global turnover, it’s in an organization’s best interests to proactively implement a cloud data security strategy that ensures compliance with the EU General Data Protection Regulation (GDPR).

Preparing for EU GDPR Compliance

GDPR takes a non-prescriptive approach to technology, but organizations must show they have taken appropriate measures to ensure the security and privacy of EU citizens and to prevent unlawful access. Experts anticipate that the market will define standards over time, but organizations should expect that confirming encryption measures are in place to secure and control data will be among the first steps regulators and legal teams take when investigating GDPR compliance.

Reducing Breach Notifications

Under the GDPR, requirements for breach notifications have become much stricter. Organizations using strong encryption, policy control, and auditing features can not only show they are taking appropriate steps to mitigate risk, but also reduce breach impact and protect brand reputation and financial resources by reducing the notifications required if a data breach occurs.

Best-Practice Cloud Data Security

In addition to simplifying GDPR compliance, automatically encrypting data before it is exposed to the cloud and enforcing policy controls ensures segregation of duties, a must for best-practice cloud security. By defining clear roles, an organization can position itself as the data controller and leave the cloud service provider (CSP) to do what it does best as a data processor: delivering and maintaining applications and infrastructure.

Simplifying Data Transfers

GDPR places limitations on data transfers in order to protect the data and privacy of EU citizens. By encrypting data before it leaves its trusted network and choosing a solution that supports multiple keys, an organization can ensure that data originating from a specific country is never exposed as cleartext outside that territory and that the encryption keys to unlock it reside only within the organization's jurisdiction. This is a simple way for organizations to address data transfer requirements without the limitations of local data centers.

Uncertain Role of Cloud Service Providers

Some critics predict that providers may be viewed as controllers because of their standard practice of collecting data for analytics and troubleshooting. Organizations can overcome uncertainty around these evolving roles by ensuring their CSP never has access to their cleartext data.
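The per-territory keying described under "Simplifying Data Transfers", together with the point above that the CSP should never hold cleartext, as an added example that is not Vaultive's code: each record is sealed with AES-256-GCM under the key of its origin territory before upload, the territory code is bound as associated data, and what reaches the cloud carries no key material. KeyVault, Envelope, Seal and Open are assumed names chosen for illustration; a vault in another territory has no entry for a foreign key, and key generation (from crypto/rand) is left to the deployment.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Envelope is all that leaves the trusted network; it carries no key material.
type Envelope struct {
	Territory         string // code of the territory whose key protects it
	Nonce, Ciphertext []byte
}

// KeyVault maps a territory code to the 256-bit AES key held in that jurisdiction.
type KeyVault map[string][]byte

func (v KeyVault) gcm(territory string) (cipher.AEAD, error) {
	key, ok := v[territory]
	if !ok {
		return nil, fmt.Errorf("no key held here for territory %q", territory)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a record under its origin territory's key before upload. The
// territory code is bound as associated data, so a relabelled envelope fails.
func (v KeyVault) Seal(territory string, record []byte) (Envelope, error) {
	g, err := v.gcm(territory)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand is documented never to fail; fills the nonce
	return Envelope{territory, nonce, g.Seal(nil, nonce, record, []byte(territory))}, nil
}

// Open decrypts an envelope; it succeeds only where that territory's key is held.
func (v KeyVault) Open(e Envelope) ([]byte, error) {
	g, err := v.gcm(e.Territory)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, e.Nonce, e.Ciphertext, []byte(e.Territory))
}
```

A vault that receives an envelope for a territory it does not serve, including an empty vault standing in for the CSP, fails at key lookup and never sees cleartext.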

Looking to secure and govern data in all your IT-sanctioned cloud services? Schedule a Vaultive demo today to see our unique approach in action.