GDPR? There is nothing to fear. Nothing.
The General Data Protection Regulation (GDPR) has organizations scrambling to improve their existing technologies to meet the new standards. On May 25, 2018, GDPR goes into effect, and with it come new penalties for those who violate the EU’s demand for tighter data protection.
There is another edge to the proverbial sword: lost revenue and consumer trust. When an organization is cited for non-compliance, the outrage of consumers can be just as financially damaging, if not more so. Until the first fine is issued, everyone is speculating on the penalty’s severity. However, there is historical data we can examine that shows the effects of lost consumer trust. When millions of EU citizens refuse to do business with you, that can have stupefying effects on revenue.
Organizations looking to satisfy regulators cannot underestimate the cost of losing millions of customers. Together, these two costs can swiftly bankrupt a company.
In response to these sirens, organizations are expanding their technology footprints, implementing new systems, and looking for information security products. This maniacal pursuit of more technology is comfortable, because it is what we have always done.
But we should be cautious when assuming that more technology is going to solve the GDPR riddle. What animates the buying frenzy is fear and uncertainty about what could happen.
Stoking the flames of fear, we have technology vendors. Vendors have spilled industrial quantities of digital ink, posted webinars every 1.83 minutes, and used scare tactics to frighten. Why is that? Primarily, the goal is to sell you something. If a vendor can cause a sense of panic, they can increase the probability that you will purchase one of their products.
I have examined the steps organizations can take – some philosophical, some technical – to prepare their networks for the new regulations and fortify consumer trust. I set aside the personnel and breach reporting, because we are looking at what you can do to ensure compliance and prevent data exposure and compromise from the very start.
The methods are not new; they are the foundations of information security.
The steps outlined will show you how to keep your head when all about you are losing theirs, analyze your current state, automate your compliance, and orchestrate change across the network.
You’ve done this before; you can do it again. Let’s put aside the exotic claims and the fear-mongering, let’s dismiss the conclusions that have no evidence, and let’s restore the confidence of security professionals.
GDPR is a special instance of government regulations; you’ve seen this for decades. There is nothing to fear.
Nothing.