Organisations need to understand the changing requirements of the GDPR and how these will impact processes, policies, training, technology and security around the data they gather and process. Compliance and IT teams must be proactive to ensure they will be compliant. The regulation doesn’t just apply to organisations based in the EU, but also to any company that processes data of EU citizens.
The EU General Data Protection Regulation (GDPR) has been put in place with an enforcement date beginning on May 25th – which is just around the corner! In advance of these regulations, Bomgar has outlined four areas where organizations can start to secure remote access in order to help meet GDPR initiatives. In my last blog, we talked about the first step, identifying the data you hold. The second step, which we’ll discuss this week, is about employee training. Check out the clip from our webinar:
Review Employee Training
GDPR requires that organisations be able to provide evidence of their compliance; therefore, a company’s training will be an important component of preventing breaches and demonstrating compliance. Since GDPR requires companies to report data breaches within 82 hours to the proper authorities, each employee must be able to identify if their organization is in violation of the GDPR and report the violation to their management.
When we talk about violations, this could include what you would expect to hear, a data breach by an external attacker, but it could also be as simple as an employee being granted an improper level of access to personal data. It is not just the external threat that you need to consider, but also accidental exposures of data from inside the organisation.