On May 25, 2018, the European Union officially enacted the General Data Protection Regulation (GDPR), which will have a transformative effect on how companies manage and secure personal data.
The GDPR marks the biggest change to EU data privacy laws in more than 20 years and applies to any organization worldwide that collects and stores the personal data of EU citizens, such as health history, financial information, and the like.
Further, more privacy regulations are cropping up around the globe, making data privacy and protection perhaps one of the most pressing industry shifts to affect CISOs in years.
If you’re reading this, chances are you already know the basics of GDPR and are starting to comply with its key elements or, like many, have developed an IT roadmap and begun executing against it. As a first practical step toward compliance, most organizations have naturally gravitated toward using analytical tools to map what data they have and then classify the subset of it that is personal data, and thus subject to GDPR.
Other IT projects likely to be in full flight are encryption, breach detection, and breach prevention, all aimed at ensuring citizen data is appropriately protected.