The General Data Protection Regulation or “We Don’t Know What We Don’t Know”

The clock is ticking on the General Data Protection Regulation (GDPR) coming into effect and while there isn’t wide scale panic yet, lots of organizations are either 1) in denial or 2) just coming to grips with its implications. The difficulty with GDPR is that the regulation states the “WHAT” but pretty much is silent on the “HOW”. The overwhelming majority of the regulation deals with process, procedure and is it really necessary to collect the data and stresses the rights of the data subject. How to protect the data, in movement and in rest, is left to individual organizations to decide except for the vague mention of “continuous risk assessment” and “state of the art”. Another major change from the existing national regulations, which were enacted during the mid to late 1990s, GDPR takes into account the massive change in how technology plays in everyday. To protect the data subject, the punitive aspect of non-compliance is significant with penalties of €20M or 4% of annual turnover, whichever is GREATER. So in this confusing and changing environment, where do cyber security technologies come into play? This session will focus on the role of the underlying network in any organization’s GDPR compliance efforts and how to take advantage of certain aspects of GDPR to avoid the substantial penalties associated with the regulation.