GDPR Challenges One Year On

It’s coming up to a year since the EU General Data Protection Regulation (GDPR) came into effect on 25 May, 2018, with the aim of harmonizing data protection laws across Europe and protecting the personally identifiable information of all EU citizens. What has changed over this past year?

GDPR came into effect after three consecutive years of record data breaches, according to the 2017 Data Breach QuickView Report by Risk Based Security. 2015 saw a record 4,344 data breach incidents taking place, 2016 saw a record 6.3 billion data records breached, and 2017 saw this grow by almost 20% with 7.8 billion exposed data records.

So, what impact has GDPR had over the past year?  It’s certainly attracted headlines, especially when Google was handed a 50 million euro fine by the French data regulator CNIL for lack of transparency and failure to secure consent on personalized ads.  However, many businesses still seem to be confused about exactly which measures they should implement in order to comply with GDPR.

According to Gartner’s latest Emerging Risks Monitor report, 64% of senior executives surveyed cited accelerating privacy regulation as a key risk facing their organizations. However, while compliance is certainly a priority for organizations, actually achieving it is still proving problematic for many. In a recently published Forrester survey commissioned by Microsoft, more than half of responding IT professionals admitted they had failed to take necessary steps to comply with the regulation, such as vetting third-party vendors (62%) and collecting evidence of having addressed GDPR compliance risks (59%).

Still, for many organizations outside and inside the EU alike, GDPR must be followed.  There remains a lack of clear industry guidelines for how to implement data protection standards that relate to network security. Official EU guidelines lack an approved implementation framework or reporting structure for these areas, so knowing what constitutes best practice remains a significant challenge.

The overlap with network security

Since these areas overlap with the standards required for the widely adopted ISO 20071, however, there are implementation frameworks here that can equally be applied to the areas of GDPR that govern network security. As such, it is possible to align network security practices with GDPR and demonstrate compliance using the same methodology as that used for demonstrating ISO 20071 standards. Therefore, we advise following the ISO 0071 network security standards and reporting frameworks as a baseline for demonstrating GDPR compliance.

Working towards GDPR compliant network security

While using the ISO 20071 framework to bring you closer to compliance, organizations can simplify their compliance journey by automating network security policy. AlgoSec’s network security policy management solution provides out-of-the-box GDPR compliance support, enabling users to generate reports for all relevant network security at the click of a button. This provides an immediate and accurate picture of the organization’s compliance stance, which can be used to identify and close compliance gaps.

This means that for every rule change that takes place, security teams can quickly assess GDPR risk and compliance, making necessary changes and improvements in the required areas. For every change to firewall rules or network policy, AlgoSec helps teams to assess GDPR risk and compliance proactively. This provides continuous compliance where GDPR and network security overlaps. Meanwhile, AlgoSec automatically documents all changes made to connectivity, policies and security rules and stores these for audit readiness.

Given the ongoing regime of “effective, proportionate and dissuasive” fines issued in the name of GDPR enforcement, organizations must take GDPR compliance seriously and strive to meet the necessary standards. AlgoSec can help organizations to bring their network security into line with key articles in GDPR, while providing the audit trail they need to prove compliance automatically – and thus, reducing the risk of being met with fines if a breach was to occur.

To learn more about how AlgoSec’s network policy management solution can help ease your journey to GDPR compliance, click here.