With the growth of the ‘always on’ culture—driven by the ever-expanding capabilities of mobile devices and the increase in the digital transformation of services—a wide range of identifiable and behavioural data is now collected and processed by organisations every time we interact online. At the same time, how and where organisations process this data has moved from inside the traditional IT perimeter into hybrid and cloud environments in data centres across the globe.
This proliferation of how and where data is gathered, processed, and stored has led the European Union Commission to create new regulations to better protect the privacy of our citizens and standardize the data protection laws across the European Union.
The EU General Data Protection Regulation (GDPR) has been put in place with an enforcement date beginning on May 25th of this year. To help prepare our customers, we’ve outlined four areas where organizations can start to secure remote access in order to help meet GDPR initiatives. Here’s a clip from one of our recent webinars outlining the first step:
Identify What Data You Hold
In order to comply with GDPR, organisations must first obtain a full picture of all relevant data they hold. However, with today's complex hybrid IT environments and proliferation of data across the organisation (e.g. on personal devices), this task may present a significant challenge.
Organisations must be able to answer:
- Where does the data reside?
- Who has access to the data?
- How is data processed and transmitted?
The physical location of all relevant data, whether online or offline, must be established. Don’t forget your filing cabinets! Additionally, organisations must limit access to personal data to only those employees who specifically require it for their job. And finally, remember that within an organisation, data could be traveling in and out of the network to third-party vendors and stored on a variety of servers.