IT Security Guru

One Year Down: GDPR By The Numbers.

by The Gurus
May 28, 2019
in Data Protection, Featured

By Mike Kiser, Global Strategist and Evangelist, SailPoint

Today marks the first anniversary of the EU’s General Data Protection Regulation (GDPR). Europe’s data privacy regulation shook up the privacy world by attaching penalties to some of the strongest consumer protection laws of the last 20 years, and it inspired even stricter laws in other parts of the world. GDPR created a single breach-notification regulation for the entire EU with the goal of protecting the personal data of EU citizens.

So, how are organisations faring under GDPR? So far, there have been over 64,000 breach notifications, and regulators in 11 European countries have imposed $63 million (or £49 million) in fines. And these are just the first signs of a large wave to follow. With only 29% of EU organisations GDPR compliant, the breaches and fines will continue to happen. This reminds us that our identities comprise not just our attributes, but all personal data that relate to us. Today, we’ll explore three GDPR cases and how the right identity governance strategy can help meet requirements in a sustainable and cost-effective manner.

Taxa 4×35, Denmark, recommended $180,000 fine

One of the primary objectives of the GDPR is privacy: the protection of personal data. That means the spotlight is now focused on how organisations process, store, and secure personal data. A key component of this is getting rid of data that you don’t need. But in Denmark, Datatilsynet recommended fining the taxi company Taxa 4×35 nearly 1.2 million DKK ($180,000) for failing to delete records (customer phone numbers) on 9 million taxi rides after they became unnecessary.

Here’s where identity governance can help. A solid identity governance strategy provides visibility into personal data: what personal data is being stored, who is responsible for it, and who can access it. It also puts controls and protections in place by removing personal data that has expired. To avoid a GDPR fine, the taxi company needs to put safeguards in place that delete data following a specified time period, in this case deleting phone numbers after the ride was over rather than holding onto this customer data for five years.

Hospital, Portugal, $446,700 fine

When it comes to GDPR, organisations must “design in” measures to ensure data protection compliance. After determining that a hospital in Portugal was allowing patients’ medical data to be accessed by non-medical staff, the result of an oversight within their IT department, two fines were imposed for a total of €400,000 ($446,700) because of their “failure to put in place appropriate technical and organizational measures to protect patient data.”

With identity governance, organisations can strengthen controls by providing centralised visibility into the access control models for all resources storing and processing personal data, assigning data owners to all resources containing personal data, and automating review of access rights across all resources containing personal data. The violations the hospital was fined for could have been prevented if they had an identity governance platform in place to help centralise the view of users’ access and thus ensure that the right people had the right access to the right data.

Hotel, EU, investigation ongoing

Under GDPR, organisations are required to report data breaches within 72 hours of becoming aware of them. Enter the high-profile case of a large hotel chain, which has been ongoing for several years and is a good example of what will happen if you don’t report a breach in a timely manner. A data breach impacting 500 million hotel customers was discovered in September 2018, with some saying the breach had been ongoing since as early as 2014. This incident was not disclosed until late November of 2018, far outside the 72-hour window for disclosure set by GDPR. The penalty? Up to $915 million.

Identity governance is put in place to help notify data owners and managers of any violations or anomalies in the access of sensitive data, and to automate remediation when violations are detected. If the hotel had had something in place to detect the breach at the onset, it might have avoided the potentially massive fines that may result from missing the reporting window.

Identity at Play: Security Is a Marathon, Not a Sprint

By looking at the taxi company, the hospital and the hotel, it is clear that the only way to maintain GDPR compliance and data protection is to automate as many identity and access management tools and security audit processes as is reasonably possible. These cases show that automation is a vital component when processes must be repeated regularly and responses need to occur in real time.

With one year under its belt, it doesn’t look like the GDPR is going anywhere anytime soon. By assessing risks with identity governance at the forefront, an organisation can create a roadmap to prioritize and remediate the most pressing regulatory gaps, and thus effectively control and secure the organisation’s data.
