Cyber-security expert, Symantec Corp is providing resources and expertise to companies still working towards complying with the General Data Protection Rule (GDPR), which went into effect on 25 May.
Recent research from technology analyst firm IDC found that, despite the urgency created by the GDPR deadline, 71% of organisations believe that a lack of knowledge about the regulations are limiting their compliance. Additionally, 69% are not confident they even know where their personal data is located. With the law now in effect, those numbers are a stark reminder that every firm needs to focus its resources and attention on compliance or risk the ramifications.
“GDPR is the single largest compliance-driven transformation we’ve ever seen, and in the short time since it has gone into effect, major complaints have been filed against social media and internet companies, with claims totalling in the billions of dollars,” said Greg Clark, chief executive officer at Symantec. “The challenges of the cloud generation magnify the difficulties that organisations face as they work to navigate these waters. That is why we are committed to helping our customers with compliance and reducing the significant risk associated with being a custodian of consumer data.”
Symantec recommends all organisations that have yet to fully comply with GDPR immediately take the following procedural steps:
- Bring business and IT leaders together and ensure everyone understands the challenges with GDPR and why they need to make it a top priority. The most senior leadership within every affected organisation must understand the unprecedented ramifications organisations may face for lack of compliance.
- Take a full assessment of all data held by the company – files, logs, metadata and beyond, beginning with the most critical data. This is where many organisations need the most work – the standards can’t be met without a complete understanding of what data a company holds and where it is held.
- Once a complete inventory of all data is taken, develop a data protection strategy which will proactively protect key data assets regardless of their location, a response plan in the event of an incident and a set of processes for ensuring continuous compliance.
- It is further critical that organisations fully understand the range of technological resources that can help them demonstrate their efforts to maintain compliance. Symantec is focused on helping organisations achieve GDPR compliance excellence and offers a number of technology solutions which help organisations maintain key areas of GDPR compliance.
- Managed Security Services and Incident Response Services help organisations deliver core expertise where they might otherwise lack robust data breach detection and response capabilities.