European Union General Data Protection Regulation (GDPR)

EU General Data Protection Regulation (GDPR)

The GDPR impacts our entire security portfolio so it’s crucial that we be in a good position when it rolls out next year.
- George Tunnicliffe, Head of IT Operations, National Theatre

By May of 2018, organizations that collect or process EU citizen records will be required to achieve compliance with the General Data Protection Regulation (GDPR). The new legislation will enact strict data protection regulations: companies will be required to notify the supervisory authority of a data breach within 72 hours; failure to do so may incur fines of up to 4% of worldwide turnover, or €20 million for intentional or negligent violations.

What Organizations Will Have to Do:

  • Identify: Security leaders within the organization must first identify whether they are considered a data controller or processor. They must then review relevant obligations respective to their classification (such as issuing notice to citizens and maintaining relevant consent from the data subject) and identify how much Personal Identifiable Information (PII) they hold and where it exists across the organization.
  • Protect: Organizations must then be able to display an adequate level of protection for PII data. Encryption and access control are common control standards but managing encrypted data across multiple business processes is a complicated and problematic task.
  • Detect: If an organization suffers a loss of data, they must quickly detect the breach and identify if PII records were lost or stolen. The investigation should identify the source and destination of the breach using technologies (e.g., Data Loss Prevention (DLP) and Data Theft Prevention (DTP) tools) that provide event and incident information.
  • Respond: Incident response is critical to protect sensitive and EU citizen data. In addition to the mandatory data breach notification requirement, organizations must also implement an effective incident response plan.
  • Recover: In the aftermath of a data breach, organizations must maintain ongoing communication with the relevant authorities.

Forcepoint & GDPR compliance: Identify, Protect, Detect, Respond & Recover

Forcepoint provides organizations deep visibility into how critical data is processed across an infrastructure, whether on-premise, in the cloud or in use by a remote workforce. Forcepoint Data and Insider Threat Security not only provides the ability to monitor, manage and control data (at rest, in use and in motion) but also utilizes behavioral analytics and machine learning to discover broken business processes and identify employees that elevate risk to critical data.

Forcepoint DLP is consistently recognized by global analysts as a leader—including in the Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention. It received the top score for Regulatory Compliance in the 2017 Gartner Critical Capabilities for Enterprise Data Loss Prevention.