16th PCI London, 25 January 2018, London, UK

Without sounding over dramatic but time is truly running out for businesses who have yet to engage or consider how to become compliant for GDPR. The clock is ticking and with less than 6 months remaining until GDPR is rolled out across the EU, the time to start your complaint process is now. Researching GDPR is easy with the vast volume of information the internet is producing each day, but who do organisation’s turn to for practical help that will aid them in becoming compliant? We believe Ground Labs is part of the solution.

In under 6 months-time, GDPR will be rolled out across the UK and the wider EU putting into law a set of regulations that will impact every business when dealing directly with EU citizens personal information.

Who within the organisation does the responsibility of preparing for GDPR ultimately fall on? Can this important task be left to the head of IT? From our experience, we are finding that the GDPR journey needs to be more of a company-wide approach. The regulation is very clear that businesses must ensure privacy by design when projects are undertaken. Privacy and security must go hand in hand from the beginning to the end of any project and to take a wider organisational approach to compliance will yield better results.

Taking a companywide decision allows businesses to get ahead of GDPR and put into place the necessary steps. We are also noticing businesses who use the PCI DSS framework for compliance have taken major steps in their preparation process for the ongoing GDPR storm, those who take this path will help them to build a total compliance framework covering all standards.

The compliance frameworks are just one part of the bigger picture of GDPR. There is a real business need in the market for practical ways to address these challenges on a daily basis and to help assist with continuous compliance. We suggest having the ability to forensically scan for all structured and unstructured data across your entire businesses environment.

Having a tool that has over 200 data types preconfigured to allow you to highlight what sensitive data was found and report back on it is one thing but once this data is found there needs to be practical policies in place to remediate it. Enterprise Recon not only gives you the power to scan and remediate sensitive data within your environment but through the custom scanning capability it will help you comply with Article 15 “Right to Accesses” or a Subject Access Request and Article 17 “Right to Erasure”. Once you know where the sensitive data is currently sitting you want the ability to effectively manage it and report back to the data subject.

We understand this is only one part of the process but taking steps now to discover, monitor and remediate sensitive data is key to PCI and GDPR, so act now!

Summary

The PCI DSS has set a goal of Business-As-Usual security, while GDPR needs businesses to ensure privacy by design. Under these rules, businesses will have to integrate data privacy and security from the start to end of all projects. Our Enterprise Recon software allows you to simplify the processes needed to make security a Business-As-Usual practice for your organisation. Recurring scans can be set to ensure continuous monitoring. You can also receive concise and detailed reports of your business’ data build-up, directly on your management dashboard. Finally, we believe being at this year’s PCI London event will give us the opportunity to share our experiences in the market and give practical tips to businesses to deal with the four main articles of GDPR.

Meet us at this year’s PCI London event in Park Plaza Victoria, 239 Vauxhall Bridge Road, London, SW1V 1EQ. UK. To register your interest in a Demo please contact mattjt@groundlabs.com.

Want to keep up with all our blog posts? Subscribe to our newsletter!

Subscribe