GDPR & Compliance Risk
When the General Data Protection Regulation (GDPR) of the European Union (EU) becomes law on May 25th, 2018, many organizations can face significant penalties of up to 4% of their annual revenue or €20,000,000 (Article 83, Paragraphs 5 and 6). GDPR will force many organizations to understand their data privacy risks and take appropriate measures to reduce the risk of unauthorized disclosure of consumers' private information.
According to various research studies, regulatory and compliance conditions will continue to challenge organizations in safeguarding their data and will increase their responsibility for doing so:
- Breaches continue to grow year over year (38%, PWC)
- Intellectual property thefts show significant growth (56%, PWC)
- Cost of data breaches is continually growing ($4M per incident, Ponemon)
- New privacy regulations (General Data Protection Regulation, GDPR)
- Boards are holding CEOs and executives responsible for breaches (NYSE survey)
Under these conditions, organizations must have a complete understanding of their sensitive data and its risk to ensure compliance with policies and privacy laws. They should also monitor for suspicious activity and unauthorized data access or transfers, and remediate with security controls, alerts or notifications.
At Secutor, we’ve worked with various organizations to help identify compliance and regulatory issues, including:
- DIACAP / RMF
- FISMA ICD 503
- GPG 13
- ISO 27001
- NIST 800-37 and 800-53
- PCI DSS