Hero Image Tagline
Supporting Your GDPR Compliance Program
By May of 2018, organizations that collect or process EU citizen records will be required to achieve and maintain compliance with the General Data Protection Regulation (GDPR). The new legislation will enact strict data protection regulations: companies will be required to notify the supervisory authority of a data breach within 72 hours; failure to do so may result in fines of up to 4% of worldwide turnover, or €20 million for intentional or negligent violations.
- Provide organizations with deep visibility into how critical data is processed across their infrastructure, whether on-premises, in the cloud or in use by a remote workforce.
- Enable organizations to monitor, manage and control data (at rest, in use and in motion).
- Utilize behavioral analytics and machine learning to discover broken business processes and identify employees that elevate risk to critical data.
What Organizations Will Have to Do:
Security leaders within the organization must first identify whether they are considered a data controller or processor. They must then review relevant obligations respective to their classification (such as issuing notice to citizens and maintaining relevant consent from the data subject) and identify how much personal identifiable information (PII) they hold and where it exists across the organization.
Organizations must then be able to display an adequate level of protection for PII data. Encryption and access control are common control standards, but managing encrypted data across multiple business processes is a complicated and problematic task.
If an organization suffers a loss of data, they must quickly detect the breach and identify if PII records were lost or stolen. The investigation should identify the source and destination of the breach using technologies (e.g., data loss prevention (DLP) and data theft prevention (DTP) tools) that provide event and incident information.
Incident response is critical to protect sensitive and EU citizen data. In addition to the mandatory data breach notification requirement, organizations must also implement an effective incident response plan.
In the aftermath of a data breach, organizations must maintain ongoing communication with the relevant authorities.
The GDPR impacts our entire security portfolio, so it’s crucial that we be in a good position when it rolls out next year.
Solutions to Fit Your Needs
Forcepoint provides organizations with deep visibility into how personal data is being processed across their infrastructure; on-premises, in the Cloud or within their increasingly remote workforce.
Forcepoint can guide organizations towards GDPR compliance with products that can help you identify, protect, detect, respond and recover. There are 3 core areas where Forcepoint is assisting customers.
- IDENTIFY: Supporting the need to inventory personal data stored across the organization.
- PROTECT: Mapping, Managing and Controlling Personal Data Flows.
- RESPOND & RECOVER: Assisting organizations responding to personal data incidents.
Forcepoint DLP is available for the endpoint, network or cloud and can be used to discover personal data at rest and protect personal data in use and motion across your organization (from endpoint to cloud). With pre-defined GDPR policies and deep integration with the Forcepoint Web and Email Security gateways, Forcepoint DLP can be deployed swiftly and start protecting your organization sooner.
Forcepoint Insider Threat is a user behavior monitoring tool that’s been protecting the most sensitive government and organization networks on the planet for over 15 years. Forcepoint Insider Threat detects suspicious activity, whether it is a hijacked system, rogue insider or simply a user making a mistake. It automatically identifies high risk users and provides context into unusual behavior, including an “over-the-shoulder” view enabling organizations to proactively and authoritatively address threats from within. This ‘high definition’ context greatly reduces data incident investigation times by providing investigators and responders with clear, actionable information across many systems from a single console.