KEEP CALM AND GDPR
A GUIDE TO UNDERSTANDING AND PREPARING FOR NEXT YEAR’S BIG CHANGES IN DATA SECURITY
Buzz about the General Data Protection Regulation (GDPR) has been
around for years, but with the new security rules finally going into effect
in May 2018, it’s time to take it seriously. Some enterprises have been
panicking, some have been preparing, and most have been doing a little
of both. The new GDPR law will impact all companies that work with
any EU citizens or companies. What does this mean for your business?
WHO NEEDS TO COMPLY WITH THE GDPR?
Any company that does business in any of the 28 EU member
states or with any EU citizens. Whether you’ve got
branches across Switzerland or just have PII on one person
in Paris who signed up for your newsletter, you have to comply.
But even if you don’t do business in Europe, the GDPR is
likely to change global security standards going forward, so
it might not be a bad idea to get on board anyway.
Meet the GDPR
The GDPR cracks down on the way companies process and store customers’
personally identifying information (PII), which includes everything
from names, birthdays, photos, and email addresses to medical
data, pseudonymised data, and IP addresses. Better protection means
fewer data breaches—but it also ensures that customer information
stays safe when a data breach does occur.
Sure, some regulations protecting PII already exist, so
the GDPR might seem like just another rule to follow.
But it’s important to realize that the GDPR is far stricter
and has far more severe punishments than any regulations
we’ve seen before. Compliance is going to be vital.
The GDPR contains 99 articles that lay out regulations
for data storage and protection, but here are the major
ones to keep in mind:
•	 Data breaches must be reported within 72 hours, along with information about
which customers’ data was breached. Today, many companies aren’t aware that
a data breach has occurred until weeks, sometimes months, after the fact. The
latest FireEye M-Trends report states that an average breach goes undetected
for 146 days, so the new disclosure requirement calls for a seriously stepped-up
game.

•	 Customers gain more control over their data. They can ask to see which of their
data a company stores and have the “right to be forgotten,” or to have their data
deleted.

•	 Companies are now liable for any breaches resulting from data (mis)management
by third-party contractors.

•	 All companies dealing with EU citizens must be able to demonstrate that they’ve
adopted appropriate security measures.

•	 Non-compliance with GDPR will result in major, unprecedented fines of €20
million or 4% of global revenues, whichever is higher. For many companies,
non-compliance is not financially feasible.
Third-party problems
We can’t stress enough the significance of one of the more onerous
requirements of the GDPR: All companies are now responsible for data
breaches that occur on their third-party contractors’ watch. In other
words, even if your company has excellent security measures in place,
your law/accounting firm, regulators, business partners, or consulting
firms might not. And that’s a problem.
Whether you grant a third party access to your database or just share a Dropbox folder
with them, data and documents are out of your hands and off your company’s servers. In
the past, third parties’ data breaches were third parties’ problems. No longer. With GDPR,
you’re on the hook for any breached or stolen customer PII, even if it’s not necessarily
your fault. So even if you’ve done all you can to make sure you’re in compliance, you must
ensure that your data is still safe once it leaves the enterprise. This is a major change and
is likely to require a significant adjustment and security overhaul. Don’t panic (yet), but
read on for some tangible steps you can take to make sure you do this right.
[Figure: Devices, Cloud Services, Email]
A+ steps to take now to prepare for the GDPR
•	 Assess. Take stock of your company’s current security situation. Where
is customer data stored and how? What types of documents are used to
store it? Who has access to it? How does it get moved between people
or departments? What security measures are already in place, both in
the enterprise and outside of it (i.e. in the cloud)? What processes are in
place to detect and respond to a data breach? How much of your current
security situation complies with the GDPR requirements?

•	 Act. Implement security measures that comply with GDPR and
protect PII, whether that means encryption, beaconization,
or strict data usage guidelines. Put these rules in writing and
make sure everyone at your company knows them. Assume a
data breach will happen and create a response plan. Who will
be responsible for reporting it, and how will that happen in the
required 72-hour window?

•	 Assemble. Make a list of every single third party your company
works with in any capacity and in every department.

•	 Agree. Ask your third-party contractors to sign agreements
acknowledging that they will not outsource work without explicit
approval, they will maintain a risk-based security program that
is GDPR-compliant (with your guidance if necessary), and they
will report any data breaches or changes to you immediately.
Contractors must also return or destroy all confidential data at
the end of their contract or termination. 

•	 Appoint. Select someone in your company to be the Data Protection Officer
(DPO). GDPR recommends that this person is the point person regarding all data
security operations and stays on top of data breach prevention and response.

•	 Allure. Allure Security’s Novo software is specifically designed to prevent
third-party data breaches and doesn’t require keeping track of any keys, passwords, or
contractors’ activities. Consider adding Novo to your security line-up to ensure
GDPR compliance—and peace of mind.
A+ STEPS:
1. ACT
2. ASSEMBLE
3. AGREE
4. APPOINT
5. ALLURE
How Novo can help
One of the biggest headaches with GDPR compliance is ensuring that
documents and data aren’t accessed by unauthorized parties, whether
they’re stolen, accidentally forwarded, or leaked with malicious intent.
Allure Security’s Novo is designed to give you visibility and control over
your documents and data.
By embedding a beacon in every document your company uses, Novo keeps track of where
sensitive documents and data are at all times. Set up a geofence around your company’s
building or your contractor’s office, or authorize an employee’s personal IP address; as
soon as a document is opened outside an authorized area, Novo sends an alert and lets
you know exactly which documents were opened and affected. What’s more, Novo renders
the document unreadable outside the authorized area. In other words, not only are
you instantly notified of suspicious activity, but the data itself is impenetrable if it finds
itself where it doesn’t belong. The rapid alert system makes it easy to notify authorities
and customers about a breach within minutes, well before 72 hours is up.
“Novo’s beaconization technology can dramatically reduce risks for large enterprises and
align them with the GDPR requirements to provide a reasonable risk-based security
solution,” says Sal Stolfo, CTO of Allure Security. “Novo is exactly that: it’s reasonable, it’s
a means of detecting breaches, and it’s a means of informing a company when a breach
occurs. It ensures compliance and it works.”
Breaches are going to happen—there’s no getting around that fact in this day and age
as hackers get increasingly savvy. And the GDPR won’t punish you for experiencing a
breach. What the GDPR does ask you to do, though, is have solutions in place that
minimize risks, monitor your data’s security in the hands of third parties, and be able to report
problems when they occur. Novo makes this possible.
How it works
Allure Security’s flagship Novo product is the first Data Loss Detection
and Response (DDR) technology that automatically tracks document
flows in and outside the enterprise network using machine-learned
Document Behavior Analytics (DBA) and data-level deception to
pinpoint the source of exfiltration in real time and take action to prevent
data loss.
As documents flow through your existing network gateways, Novo tags real data with
beacons, maps all locations where beaconized documents are accessed, and learns normal
document flow and behavior. Novo alerts the moment it sees documents being opened
where they shouldn’t be—outside the geofence in another country, an employee’s home
computer, or any other suspicious location. If Novo detects unusual document behavior,
it replaces real documents with decoys, or fake documents, to protect the data and catch
attackers or insiders.
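
The beacon-and-geofence check described above can be sketched as follows. This is an added example, not part of the original guide and not Allure Security's code: the event fields, network names and address ranges are assumptions, and it assumes the 72-hour clock starts at the first unauthorized open.

```python
"""Triage document-beacon "open" events against authorized networks.

Illustrative only: field names, zones and addresses are assumptions,
not the Novo product's data model.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Reporting window cited in the guide (72 hours).
REPORTING_WINDOW = timedelta(hours=72)

# Assumed policy: networks where documents may be opened.
# Addresses come from the reserved documentation ranges.
AUTHORIZED_NETWORKS = {
    "head-office": ip_network("192.0.2.0/24"),
    "contractor-office": ip_network("198.51.100.0/25"),
    "employee-home": ip_network("203.0.113.17/32"),
}

# Constructed sample events: (ISO 8601 timestamp, document id, source IP).
SAMPLE_EVENTS = [
    ("2018-05-28T09:14:02+00:00", "doc-0001", "192.0.2.44"),
    ("2018-05-28T11:02:40+00:00", "doc-0002", "198.51.100.200"),
    ("2018-05-28T19:30:11+00:00", "doc-0001", "203.0.113.17"),
    ("2018-05-29T02:47:55+00:00", "doc-0002", "203.0.113.18"),
    ("2018-05-29T03:05:00+00:00", "doc-0003", "not-an-ip"),
]


@dataclass(frozen=True)
class Alert:
    document_id: str
    source_ip: str
    opened_at: datetime
    report_by: datetime


def authorized_zone(source_ip, networks=AUTHORIZED_NETWORKS):
    """Return the name of the authorized network containing source_ip, or None."""
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return None  # fail closed: an unparseable source is never authorized
    for name, net in networks.items():
        if addr in net:
            return name
    return None


def triage(events, networks=AUTHORIZED_NETWORKS):
    """Return one Alert per open event that came from outside every authorized network."""
    alerts = []
    for timestamp, document_id, source_ip in events:
        if authorized_zone(source_ip, networks) is None:
            opened_at = datetime.fromisoformat(timestamp)
            alerts.append(
                Alert(document_id, source_ip, opened_at, opened_at + REPORTING_WINDOW)
            )
    return sorted(alerts, key=lambda alert: alert.opened_at)


def reporting_deadlines(alerts):
    """Map each affected document to its earliest report-by time."""
    deadlines = {}
    for alert in alerts:
        current = deadlines.get(alert.document_id)
        if current is None or alert.report_by < current:
            deadlines[alert.document_id] = alert.report_by
    return deadlines


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for alert in found:
        print(f"ALERT {alert.document_id} opened from {alert.source_ip} "
              f"at {alert.opened_at.isoformat()}")
    for document_id, deadline in reporting_deadlines(found).items():
        print(f"{document_id}: report by {deadline.isoformat()}")
```

An address that cannot be parsed is treated as unauthorized, so a malformed beacon event raises an alert rather than passing silently.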
[Figure: Novo architecture. Labels: Enterprise Network, Documents, Network Gateway, Beaconizer, Decoy Generator, DBA ML Engine, Detection Policy Engine, Threat Intel, Beacons, DocFlows, Sonar Beacon Events, Real Time Alerts, Big Data Insights & Reports]
The Novo Difference
In the race to become compliant before May, your company might be
looking at a number of different solutions. Most solutions out there are
based on encryption, which ensures that if a document is intercepted
in the cloud, for instance, the interceptor won’t have the necessary
decryption key to understand the content. However, relying on encryption
to manage thousands of employees with access to millions of documents
and billions of pieces of data—well, that’s a lot of decryption keys
and a huge technical challenge, especially when third parties come into
play. Losing even one key can lead to a loss of data, and managing and
enforcing an encryption solution among contractors and others operating
outside the network is difficult, to say the least.
Novo moves past the concepts of endpoints and keys, and it frankly doesn’t matter how
your data is shared or stored. Novo makes it easy to know exactly where all your data is all
the time—and if it’s not where it’s supposed to be, you’ll know right away. Novo is easy to
manage, secure, and accountable—and best of all, it’s GDPR compliant from the moment
you set it up.
“Enterprises aren’t aware of where their documents go once they leave their network.
We believe visibility is the number-one way to prevent the loss of data,” says Mark Jaffe,
CEO of Allure Security. “Third parties have long been an obstacle to data security, and the
GDPR is taking significant strides to improve data breach protection. Novo stands up to
the task, and by making security second-nature, it lets enterprises focus on the work they
care about most.”
Take Novo for a test drive and
see where your document travels
by visiting alluresecurity.com and
requesting to schedule a demo.

Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 

Keep Calm and GDPR

  • 1. KEEP CALM AND GDPR: A GUIDE TO UNDERSTANDING AND PREPARING FOR NEXT YEAR’S BIG CHANGES IN DATA SECURITY
  • 2. Buzz about the General Data Protection Regulation (GDPR) has been around for years, but with the new security rules finally coming into effect in May 2018, it’s time to take it seriously. Some enterprises have been panicking, some have been preparing, and most have been doing a little of both. The new GDPR law will impact all companies that work with any EU citizens or companies. What does this mean for your business?
  • 3. WHO NEEDS TO COMPLY WITH THE GDPR?
 Any company that does business in any of the 28 EU member states or with any EU citizens. Whether you’ve got branches across Switzerland or just have PII on one person in Paris who signed up for your newsletter, you have to comply. But even if you don’t do business in Europe, the GDPR is likely to change global security standards going forward, so it might not be a bad idea to get on board anyway.
 Meet the GDPR
 The GDPR cracks down on the way companies process and store customers’ personally identifying information (PII), which includes everything from names, birthdays, photos, and email addresses to medical data, pseudonymised data, and IP addresses. Better protection means fewer data breaches—but it also ensures that customer information stays safe when a data breach does occur.
 Sure, some regulations protecting PII already exist, so the GDPR might seem like just another rule to follow. But it’s important to realize that the GDPR is far stricter and has far more severe punishments than any regulations we’ve seen before. Compliance is going to be vital. The GDPR contains 99 articles that lay out regulations for data storage and protection, but here are the major ones to keep in mind:
 • Data breaches must be reported within 72 hours, along with information about which customers’ data was breached. Today, many companies aren’t aware that a data breach has occurred until weeks, sometimes months, after the fact. The latest FireEye M-Trends report states that an average breach goes undetected for 146 days, so the new disclosure requirement calls for a seriously stepped-up game.
 • Customers gain more control over their data. They can ask to see which of their data a company stores and have the “right to be forgotten,” or to have their data deleted.
 • Companies are now liable for any breaches resulting from data (mis)management by third-party contractors.
 • All companies dealing with EU citizens must be able to demonstrate that they’ve adopted appropriate security measures.
 • Non-compliance with GDPR will result in major, unprecedented fines of €20 million or 4% of global revenues, whichever is higher. For many companies, non-compliance is not financially feasible.
  • 4. Third-party problems
 We can’t stress enough the significance of one of the more onerous requirements of the GDPR: All companies are now responsible for data breaches that occur on their third-party contractors’ watch. In other words, even if your company has excellent security measures in place, your law/accounting firm, regulators, business partners, or consulting firms might not. And that’s a problem. Whether you grant a third party access to your database or just share a Dropbox folder with them, data and documents are out of your hands and off your company’s servers.
 In the past, third parties’ data breaches were third parties’ problems. No longer. With GDPR, you’re on the hook for any breached or stolen customer PII, even if it’s not necessarily your fault. So even if you’ve done all you can to make sure you’re in compliance, you must ensure that your data is still safe once it leaves the enterprise. This is a major change and is likely to require a significant adjustment and security overhaul. Don’t panic (yet), but read on for some tangible steps you can take to make sure you do this right.
 [Figure labels: Devices, Cloud Services, Email]
  • 5. A+ steps to take now to prepare for the GDPR
 • Assess. Take stock of your company’s current security situation. Where is customer data stored and how? What types of documents are used to store it? Who has access to it? How does it get moved between people or departments? What security measures are already in place, both in the enterprise and outside of it (i.e. in the cloud)? What processes are in place to detect and respond to a data breach? How much of your current security situation complies with the GDPR requirements?
 • Act. Implement security measures that comply with GDPR and protect PII, whether that means encryption, beaconization, or strict data usage guidelines. Put these rules in writing and make sure everyone at your company knows them. Assume a data breach will happen and create a response plan. Who will be responsible for reporting it, and how will that happen in the required 72-hour window?
 • Assemble. Make a list of every single third party your company works with in any capacity and in every department.
 • Agree. Ask your third-party contractors to sign agreements acknowledging that they will not outsource work without explicit approval, they will maintain a risk-based security program that is GDPR-compliant (with your guidance if necessary), and they will report any data breaches or changes to you immediately. Contractors must also return or destroy all confidential data at the end of their contract or termination. 
 • Appoint. Select someone in your company to be the Data Protection Officer (DPO). GDPR recommends that this person is the point person regarding all data security operations and stays on top of data breach prevention and response.
 • Allure. Allure Security’s Novo software is specifically designed to prevent third-party data breaches and doesn’t require keeping track of any keys, passwords, or contractors’ activities. Consider adding Novo to your security line-up to ensure GDPR compliance—and peace of mind.
 A+ STEPS: 1. ACT 2. ASSEMBLE 3. AGREE 4. APPOINT 5. ALLURE
  • 6. How Novo can help
 One of the biggest headaches with GDPR compliance is ensuring that documents and data aren’t accessed by unauthorized parties, whether they’re stolen, accidentally forwarded, or leaked with malicious intent. Allure Security’s Novo is designed to give you visibility and control over your documents and data. By embedding a beacon in every document your company uses, Novo keeps track of where sensitive documents and data are at all times. Set up a geofence around your company’s building or your contractor’s office, or authorize an employee’s personal IP address; as soon as a document is opened outside an authorized area, Novo sends an alert and lets you know exactly which documents were opened and affected. What’s more, Novo renders the document unreadable outside the authorized area. In other words, not only are you instantly notified of suspicious activity, but the data itself is impenetrable if it finds itself where it doesn’t belong. The rapid alert system makes it easy to notify authorities and customers about a breach within minutes, well before 72 hours is up.
 “Novo’s beaconization technology can dramatically reduce risks for large enterprises and align them with the GDPR requirements to provide a reasonable risk-based security solution,” says Sal Stolfo, CTO of Allure Security. “Novo is exactly that: it’s reasonable, it’s a means of detecting breaches, and it’s a means of informing a company when a breach occurs. It ensures compliance and it works.”
 Breaches are going to happen—there’s no getting around that fact in this day and age as hackers get increasingly savvy. And the GDPR won’t punish you for experiencing a breach. What the GDPR does ask you to do, though, is have solutions in place that minimize risks, monitor your data’s security in the hands of third parties, and be able to report problems when they occur. Novo makes this possible.
  • 7. How it works
 Allure Security’s flagship Novo product is the first Data Loss Detection and Response (DDR) technology that automatically tracks document flows in and outside the enterprise network using machine-learned Document Behavior Analytics (DBA) and data-level deception to pinpoint the source of exfiltration in real time and take action to prevent data loss.
 As documents flow through your existing network gateways, Novo tags real data with beacons, maps all locations where beaconized documents are accessed, and learns normal document flow and behavior. Novo alerts the moment it sees documents being opened where they shouldn’t be—outside the geofence in another country, an employee’s home computer, or any other suspicious location. If Novo detects unusual document behavior, it replaces real documents with decoys, or fake documents, to protect the data and catch attackers or insiders.
 [Diagram labels: Enterprise Network, Documents, Network Gateway, Beaconizer, Decoy Generator, Beacons, DocFlows, Sonar, Beacon Events, DBA ML Engine, Detection Policy Engine, Threat Intel, Real Time Alerts, Big Data Insights & Reports]
  • 8. The Novo Difference
 In the race to become compliant before May, your company might be looking at a number of different solutions. Most solutions out there are based on encryption, which ensures that if a document is intercepted in the cloud, for instance, the interceptor won’t have the necessary decryption key to understand the content. However, relying on encryption to manage thousands of employees with access to millions of documents and billions of pieces of data—well, that’s a lot of decryption keys and a huge technical challenge, especially when third parties come into play. Losing even one key can lead to a loss of data, and managing and enforcing an encryption solution among contractors and others operating outside the network is difficult, to say the least.
 Novo moves past the concepts of endpoints and keys, and it frankly doesn’t matter how your data is shared or stored. Novo makes it easy to know exactly where all your data is all the time—and if it’s not where it’s supposed to be, you’ll know right away. Novo is easy to manage, secure, and accountable—and best of all, it’s GDPR compliant from the moment you set it up.
 “Enterprises aren’t aware of where their documents go once they leave their network. We believe visibility is the number-one way to prevent the loss of data,” says Mark Jaffe, CEO of Allure Security. “Third parties have long been an obstacle to data security, and the GDPR is taking significant strides to improve data breach protection. Novo stands up to the task, and by making security second-nature, it lets enterprises focus on the work they care about most.”
 Take Novo for a test drive and see where your document travels by visiting alluresecurity.com and requesting to schedule a demo.