5 Ways GDPR Will Change the Way We Do Business

May 10, 2018
By Jannine Mahone

Do you recall one of the largest breaches of personal data in 2017?

March 2017, Dun and Bradstreet: 33.6 million files.¹ This data contained names, email addresses and telephone numbers. Although this is information that Dun and Bradstreet notes would “typically be found on a business card,” this data is included under the European Union General Data Protection Regulation (GDPR) definition of personal data.

According to the GDPR principles set out in Article 5, personal data must be: ²
(a) Processed lawfully, fairly and in a transparent manner
(b) Collected for specified, explicit and legitimate purposes
(c) Limited to what is necessary in relation to the purpose for which it is processed
(d) Accurate, relevant and kept up to date
(e) Kept and stored for no longer than necessary for the purpose it was processed and in accordance with appropriate technical and organizational measures
(f) Processed in a manner that ensures appropriate security that protects against unauthorized or unlawful processing, loss, destruction or damage

Companies need to consider two key factors: accountability and compliance. Under GDPR, companies will be more accountable for their handling of personal information. Key changes many companies will need to make are:

Change how they collect, use and transfer personal data
Make changes to or implement new IT systems dedicated to maintaining appropriate technical and organizational measures with a level of security appropriate to the risk
Update privacy notices, policies, and contracts and terms with suppliers, customers, resellers and others
Consider data privacy in product design by default, which may include pseudonymization and encryption of personal data
Organizations must be able to notify the relevant supervisory authorities of a breach within 72 hours of discovery³

For a more detailed view of what organizations need to know to prepare for GDPR in the short time that is left, read our white paper.

¹ Dun & Bradstreet database breached, 33.6M les vulnerable. https://www.scmagazine.com/dun-bradstreet-database-breached-336m-files-vulnerable/article/644419/
² See Article 33: https://gdpr-info.eu/art-33-gdpr/
³ Official GDPR Text (PDF): http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf

Transforming Security Through Visibility™: a Four-Step Approach

Posted: May 24, 2018

Twitter: @JannineMahoneFS The European Union General Data Protection Regulation (GDPR) privacy protection principles and obligations, covered by the previous blogs, may have far-reaching consequences. As a first step to becoming GDPR-ready, companies need visibility into what is on the network. They need to know which devices are connected to the network, who is using these […]

0 comments

In Cybersecurity and the NFL, It’s All About the Fundamentals

Posted: May 23, 2018

Twitter: @CorbinLouks Before starting my career in security, I was fortunate enough to play for a few NFL teams. It’s an accomplishment I’m extremely proud of, and one that took years of hard work and dedication. When I reflect on my football accomplishments, how I managed to play at the highest level at a position […]

0 comments

IoT Security – Device Visibility Is Only the First Step

Posted: May 22, 2018

What enterprises aren’t leveraging IoT devices these days? Smart printers are the norm, as is onsite security with IP surveillance cameras, smart buildings where heating, cooling and lighting are adjusted automatically for offices, conference rooms and entire floors based on sensors reporting the number of individuals present. CISOs have been busy enough securing the overall […]

0 comments

Sign up for ForeScout News.

Sign up for a visit.

Thank you for your interest in ForeScout.