The document discusses six key components for organizations to achieve General Data Protection Regulation (GDPR) cyber security requirements: 1) data governance, 2) data classification, 3) data discovery, 4) data access, 5) data handling, and 6) data protection. It provides an overview of GDPR and its requirements, as well as how the consulting firm Optiv can help organizations develop a strategic roadmap to meet compliance.
2. The General Data Protection
Regulation (GDPR) is hitting
the world by storm.
With a deadline of May 25, 2018, organizations are
searching for an all-encompassing solution for
GDPR readiness and compliance.
Optiv is strategically positioned to assist
organizations with the cyber security components
of the GDPR regulation. Our goal is to help clients
reduce noise around point solutions, understand
the requirements as they relate to the organization,
develop a strategic and tailored GDPR roadmap and
execute across the six pillars of GDPR compliance.
Optiv is here to help you not only weather the
GPDR storm, but conquer it.
1Six Key Components to Achieving GDPR Cyber Security Requirements
3. In a perfect world – to avoid GDPR
retribution – don’t get breached.
Sounds easy, but unfortunately it’s
not that simple. The key is to prove
due diligence.
With the May 2018 deadline
approaching, how is your
organization preparing for GDPR?
GDPR is a sweeping
privacy law with strict
fines and penalties
should a breach occur.
WHAT IS GENERAL DATA PROTECTION REGULATION?
2Six Key Components to Achieving GDPR Cyber Security Requirements
4. The General Data
Protection Regulation –
At 10,000 Feet
• Applies to all organizations processing
personal data of EU citizens
• Organizations in breach will be fined up to
4 percent of annual global turnover or $20
Million (Euro) (whichever is greater).
• Defines lawfulness of processing to include
consent by data subjects, “Privacy by Design”,
the “Right to Be Forgotten” and data portability
requirements
• Outlines responsibilities of controllers and
processors
• Requires Privacy Impact Assessments
• Breach notification requirements
• Appointment of a Data Protection Officer
• Deadline for compliance – May 25, 2018
3Six Key Components to Achieving GDPR Cyber Security Requirements
5. Can you interpret how GDPR
effects your organization?
Quick hit questions to consider:
√ Do you know what data is relevant to
GDPR?
√ Do you know where that data is?
√ Do you know who has access to this data?
√ Do you have the right controls in place to
protect that data?
√ Can you show your work to prove GDPR
due diligence?
√ How can you prioritize GDPR against
your other threats?
GDPR is a complex challenge that affects multiple
areas of your organization:
4Six Key Components to Achieving GDPR Cyber Security Requirements
Cyber Security IT Legal
6. Achieve and maintain
compliance across the Six
Cyber Security Pillars of GDPR
5Six Key Components to Achieving GDPR Cyber Security Requirements
Data Governance
Data
Classification
Data
Discovery
Data Access
Data
Handling
Data
Protection
7. Data Governance
6Six Key Components to Achieving GDPR Cyber Security Requirements
Understand your GDPR obligations as
they relate to your business and activate
your program to meet these obligations.
Data Classification
Analyze what data within your environment
is relevant to GDPR and develop a proper
classification scheme for ongoing data
management.
SIX PILLARS OF GDPR COMPLIANCE
Data Discovery
Discover where sensitive data lives within
your environment and setup structures
for ongoing management of such data.
8. 8Six Key Components to Achieving GDPR Cyber Security Requirements
Data Access
Determine who has access to the data
and setup rules for ongoing access
management.
SIX PILLARS OF GDPR COMPLIANCE
Data Handling
Prepare for the chance of an incident and
ensure that plans are in place to meet
GDPR obligations regarding the handling
of sensitive information.
Data Protection
Plan, build and run an appropriate
security program to protect sensitive
information.