What Proof of Compliance will GDPR Regulators be Looking for?

Have you done all the right things to fulfill GDPR requirements?

GDPR stands for General Data Protection Regulation, the most comprehensive overhaul of European data protection rules in over twenty years.

As of May 25th, 2018, non-compliant organizations face fines of up to 4% of their global annual revenue if they are unable to demonstrate they are GDPR compliant in the event of a breach to EU citizen privacy data. In the video, Hadi Hosn, Global Consulting Solutions Lead, shares some of the key things regulators will be looking for from organizations they audit or suffering a breach to their data.

Transcript:

So the proof that regulators are looking for to ensure organizations are doing the right thing, it really depends on how the regulators engage with the organization. It could be either that they would proactively come in to the organization to assess them and make sure they're in line with GDPR requirements, or reactively, they've come in based on a breach that the organization has had to personal data. The regulator is looking for proof that the organizations board is aware of GDPR and is aware of the personal data risks. They need to ensure that the organization has assessed the scope of GDPR within that organization.

The regulator also needs to prove that the organization has carried out an exercise to know what personal data they have, where it's going and what kind of entities and parties are accessing that data. Whether it’s internal teams, or it's third parties and vendors that are partnering with that organization. And then it's about that controls that the organization has implemented. Whether it's inscription or masking or monitoring, detection and response controls. And this depends on the risk profile the organization has accepted.

So whether it's monitoring detection and response controls that organizations have implemented. GDPR is a risk-based framework. It's a risk based regulatory framework and the organizations have the ability to choose the right controls for the risk profile, as long as they can justify those controls to the regulator, when they come knocking on their door.

We generate around 2 billion events each month. With Secureworks, we are able to crunch down that number to 20-30 high fidelity alerts — and that makes my team's job much easier.

Sunil Saale, Head of Cyber and Information Security, Minter Ellison

Red Cloak™ Threat Detection and Response isn’t just the next generation of SIEM, it’s an evolution.

David Levine, CISO, Ricoh Group

Why Secureworks^®?

The old approaches to cybersecurity are no longer adequate. It’s time for something new. Layered defenses can create almost as many problems as they solve, and security teams struggle to keep up with the threat. What you need is context across all your layers of defense with the right people, processes, and technology working together in concert. That’s how Secureworks can help. Using 20+ years of industry knowledge, advanced analytics, industry-leading threat intelligence, and the network effect of more than 4,000 customer environments, we provide world-class cybersecurity solutions to customers around the globe. This unmatched experience empowers our customers to be Collectively Smarter. Exponentially Safer.™

Our Managed Detection and Response (MDR) solution is comprehensive, powered by our cloud-native software Red Cloak™ Threat Detection and Response that uses AI and machine learning to deliver better outcomes for your security operations. MDR unifies telemetry from your existing security technology to maximize visibility, reduce complexity, and enable you to move at the speed of the threat. Learn more about how Managed Detection and Response uses contextualized visibility to improve your organization’s security posture.