The last week has been eventful with respect to data privacy in Europe. The EU's General Data Protection Regulation on the one hand gives EU citizens confidence in how their data is used, processed and protected, but on the other hand puts organizations' think tanks to work assessing whether the controls in place comply with the new regulation. CIOs and CISOs will have a challenging job ahead of them to ensure compliance and avoid financial penalties and reputational damage. This will require not only different security controls but also a holistic approach that ensures the organization understands its personal data and classifies it accordingly, so that stricter controls can be applied where they are needed. The process below will help organizations start thinking from this perspective:
- Identify: As a first step, organizations will be required to identify all data types and data stores (databases, cloud, etc.) and create an inventory along with a data classification.
- Assess: The assess phase helps understand which users have access to such data and whether they are authorized for it. It also helps in understanding the control processes in place for joiner, mover and leaver cases.
- Implement: The implementation phase will require either a green-field implementation or an enhanced access governance system to identify any non-compliance with the regulatory requirement.
- Monitor: The monitor phase helps understand the effectiveness of the solution in place. It also helps the organization review access to such data at a regular frequency.
Authored by Vikas Choudhary