Preparing for New Cybersecurity Regulations (e.g. GDPR, NY DFS)
Understanding and Preparing for New Cybersecurity Regulations
such as CCPA, CPRA, GDPR, NY DFS, PIPEDA
Are You Ready?
With increased connectivity and use of cloud services comes an increased risk of data and privacy breaches, which has led to an influx of regulations being introduced by federal and state regulators, including the draconian EU GDPR (General Data Protection Regulation), which will affect most US organizations.
While New York’s is the most stringent state regulation to pass so far, it’s most likely just the beginning. With 2018 quickly approaching, the countdown is also on for EU GDPR. How are you ensuring your organization is equipped to meet these increasing regulations – and preparing for those still to come in the future?
DSARs, do you comply?
Data Subject Access Requests (DSARs), or Subject Access Requests (SARs), are an important yet difficult component of data protection regulations around the world.
Regulations with a Subject Access Request requirement
- Australia Privacy Act
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
- General Data Protection Regulation (GDPR) – EU
- Information Technology Act 2000 – India
- Act on the Protection for Personal Information (APPI) – Japan
- Protection of Personal Information Act (POPIA) – South Africa
Challenging, Difficult, and Time-Consuming
Organizations are required to pull out all personal data held and prove that all data stores have been searched. GTB's data discovery solutions can not only help with the accurate extraction of such data, but GTB can also provide proof that subject data is no longer residing within the organization's data estate.
Benefits of GTB
Visibility: Accurately discover sensitive data; detect and address broken business processes or insider threats, including sensitive data breach attempts.
Protection: Automate data protection, breach prevention and incident response both on and off the network; for example, find and quarantine sensitive data within files exposed on user workstations, file shares and cloud storage.
Notification: Alert users to violations to raise awareness and educate them about cybersecurity and corporate policies.
Education: Start targeted cybersecurity training; e.g., identify end users violating policies and train them.
- Employees and organizations have knowledge and control of the information leaving the organization, where it is being sent, and where it is being preserved.
- Ability to allow user classification, giving users influence over how the data they produce is controlled, which increases protection and end-user adoption.
- Control your data across your entire domain in one Central Management Dashboard with Universal policies.
- Many levels of control, together with the ability to warn end users of possibly non-compliant or risky activities, protecting from malicious insiders and human error.
- Full data discovery collection detects sensitive data anywhere it is stored, and provides strong classification, watermarking, and other controls.
- Delivers full technical controls on who can copy what data, to what devices, what can be printed, and/or watermarked.
- Integrate with GRC workflows.
- Reduce the risk of fines and non-compliance.
- Protect intellectual property and corporate assets.
- Ensure compliance within industry, regulatory, and corporate policy.
- Ability to enforce boundaries and control what types of sensitive information can flow where.
- Control data flow to third parties and between business units.