On May 25, 2018 the new General Data Protection Regulation (GDPR) will take effect and according my friend Benjamin Wright who wrote a paper for the SANS Institute GDPR “is motivating organizations worldwide to improve existing technical controls for securing personal information. Organizations should be especially aware that the GDPR and other recent legal developments amplify the negative repercussions of a data security breach—meaning organizations have increased incentives to avoid a breach.” Ben’s February 2017 Whitepaper is entitled “Preparing for Compliance with the General Data Protection Regulation (GDPR) -A Technology Guide for Security Practitioners” and included these the three major trends “for larger, multinational organizations”:
- Greater potential monetary penalties imposed by regulators
- More rules for disclosure of data breaches
- Increased exposure to diverse proceedings and investigations into whether data security is adequate
If you don’t know about GDPR it’s definitely time!