are you ready for gdpr? - IBM Resilient

The countdown to General Data Protection Regulation (GDPR) enforcement has begun. Ready or not, all organizations that process personal data that originates in the EU must comply with these new mandates by the enforcement date. Potential fine under. Global Data Privacy. Regulations (GDPR):. On the Road to ...
3MB Sizes 10 Downloads 167 Views
The Road to Resilience:

ARE YOU READY FOR GDPR?

The countdown to General Data Protection Regulation (GDPR) enforcement has begun. Ready or not, all organizations that process personal data that originates in the EU must comply with these new mandates by the enforcement date.

GDPR enforcement starts May 25, 2018 KEY GDPR STATS:

Only about

Potential fine under Global Data Privacy Regulations (GDPR):

50%

Deadline to notify authorities of breach:

72

€20M OR UP TO

of IT and security practitioners have started to prepare for the GDPR mandate

4%

HOURS

OF REVENUES

On the Road to Resilience:

YOUR GPS FOR GDPR INCIDENT RESPONSE PHASE I: PEOPLE & PROCESS

READY

MILESTONE 1:

GOVERNANCE

MILESTONE 2:

POLICIES & PROCEDURES

• Establish GDPR project management team

• Define “personal data” consistent with GDPR

• Have business units appoint GDPR leader

• Examine policies and procedures governing how personal data is collected

• Determine your Data Protection Authority (DPA) • Assess need for Data Protection Officer (DPO) or Representative

• 75,000 New Data Protection Officer jobs will be created in the next 2 years

PHASE II: TECHNOLOGY

SET

MILESTONE 3:

CROSS-BORDER TRANSFER METHODS

MILESTONE 4:

DATA PROTECTION RISK

• Determine appropriate mechanism for transferring data across borders

• Identify company’s information security program • Identify options for GDPR certification bodies • Choose a GDPR certification partner

MILESTONE 5:

THIRD-PARTY VENDOR MANAGEMENT • Establish and maintain data protection requirements for third parties

GO

• Create model language for vendors processing personal information

START DATE FOR GDPR ENFORCEMENT

25 MAY, 2018

• Amend contracts to incorporate new language

PHASE III: CONTINUOUS IMPROVEMENT Though the May 25, 2018 GDPR deadline can feel like a race to the finish line, preparing, practicing, and responding to a data privacy incident is a journey to continual improvement. Below are recommended milestones for GDPR and other regulatory-driven incident response preparedness obligations. MILESTONE 6:

RESPONSE PROGRAM FOR ACCESSING PERSONAL DATA • Create procedures

MILESTONE 7:

MONITORING NEW OPERATIONAL PRACTICES

• Provide mechanisms for updating personal data

• Integrate Privacy by Design

• Response policies for data portability

• Training and conducting impact assessments

• Response to "right to be forgotten"

• Track and mitigate data protection issues • Report impact assessement and analysis results to regulators

MILESTONE 8:

DATA PRIVACY & BREACH MANAGEMENT PROGRAM • Create data privacy incident/breach response plan • Create breach notification and reporting procedure • Create log to track data privacy incidents

MILESTONE 9:

TRAINING & AWARENESS PROGRAM • Conduct privacy and data security training at least annually

• Document compliance/accountability of your breach mgmt program • Identify ongoing privacy compliance responsibiity

1011010010101101001000101001010101101001010110100100010100101010 1101001010110100100010100101010110100101011010010001010010101011 0100101011010010001010010101011010010101101001000101001010101101 0010101101001000101001010101101001010110100100010100101010110100 1010110100100010100101010110100101011010010001010010101011010010 1011010010001010010101011010010101101001000101001010101101001010 1101001000101001010101101001010110100100010100101010110100101011 0 1 0 0 1 0 0With 0 1 0GDPR 1 0 0 1intelligence 0 1 0 1 0 1 1 built 0 1 0 right 0 1 0 into 1 0 1 the 1 0 1platform, 0 0 1 0 0 0orchestration 1 0 1 0 0 1 0 1 and 0 1 0automation 11010010101101 0 0 1 0 0 0 1 empowers 0 1 0 0 1 0 1 your 0 1 0 security 1 1 0 1 0 0teams 1 0 1 0in1 3 1 0key 1 0 areas 0 1 0 0to 0 1prepare, 0 1 0 0 1 practice, 0 1 0 1 0 1and 1 0 1respond 001010110100 1 0 0 0 1 0 1 0 0 1 to 0 1a0breach 1 0 1 1 0at1 0 0 1 0 1 0 1 1 0 1 0 0 1 0 0 0 1 0 1 0 0 1 0 1 0 1 0 1 1 0 1 0 0 101011010010 a fraction of the time it takes your team to do manually. 0010100101010110100101011010010001010010101011010010101101001000 1010010101011010010101101001000101001010101101001010110100100010 1001010101101001010110100100010100101010110100101011010010001010 0101010110100101011010010001010010101011010010101101001000101001 0 1 0 1 0 1 1 0 11. 0 0PREPARE 1 0 1 0 1 1 0 1 0 0 1 0 0 0 1 02. 1 0PRACTICE 0 1 0 1 0 1 0 1 1 0 1 0 0 1 0 13. 0 1RESPOND 10100100010100101 0 1 0 1 1 0 1 Built-in 0 0 1 0GDPR 1 0 1Prep 1 0 1Guide 0 0 1 0 0 0 1 0 1 0 0 GDPR 1 0 1 Simulator 0101101001010110 1 0 reporting 010001010010101 GDPR 0 1 1 0 1 0 0 1prescribes 0 1 0 1 1 step-by-step 0 1 0 0 1 0 0 0 1 0 1 0 0 1 0battle-tests 1 0 1 0 1 1your 0 1 0 0 1 0 1 0 1 1 0 1requirements 0 0 1 0 0 0 and 101001010101 security incidents how to prepare now team for a data 1010010101101001000101001010101101001010110100100010100101010110 1 0 0 1 0 1 0 1 1Governance 0 1 0 0 1 0 0 0 1 0 1 0 0 1 0 1 0 1 breach 0 1 1 0under 1 0 0GDPR 1 0 1 0 1 1 0 1 0 0 1automatically 0 0 0 1 0 1 updated 0010101011010 as they become law Policies & Procedures 0101011010010001010010101011010010101101001000101001010101101001 Cross Border Transfer Methods 010110100 1 Protection 0 0 0 Risk 101001010101101001010110100100010100101010110100101 Data 1 0 1 1 0 1 0 0 1Third-Party 0 1 0 Vendor 1 1 0Management 1001000101001010101101001010110100100010100101010 Respond to Requests & Complaints 1 1 0 1 0 0 1 0 Monitor 1 0 1 New 1 0Operational 1 0 0 1Practices 00010100101010110100101011010010001010010101011 0 1 0 0 1 0 1 0 Data 1 1 Privacy 0 1 0Breach 010001010010101011010010101101001000101001010101101 0 0 1 0 1 0 1 1 0Management 1 0 0 1Program 000101001010101101001010110100100010100101010110100 Training & Awareness Program 1010110100100010100101010110100101011010010001010010101011010010 1011010010001010010101011010010101101001000101001010101101001010 1101001000101001010101101001010110100100010100101010110100101011 0100100010100101010110100101011010010001010010101011010010101101

GET ON THE ROAD TO GDPR READINESS WITH IBM RESILIENT

GET FURTHER DIRECTIONS TO GDPR READINESS

IBM Resilient has everything you’ll need for GDPR Readiness and your Incident Response programs. Learn how you can better navigate the GDPR landscape at: www.resilientsystems.com/cyber-resilience-knowledge-center/GDPR Sources: EUGDPR.org; The Ponemon Institute: The Need for a New IT Security Architecture, March 2017