GDPR Compliance Module

The General Data Protection Regulation (GDPR) is legislation aimed at protecting the personal data of European Union (EU) citizens. The GDPR applies to any company doing business with an EU organization or individual. If an organization offers goods or services, maintains offices, or operates a website in the EU, the GDPR likely applies.
The GDPR is Here — Get the Facts

Ensure your organization is GDPR compliant and avoid fines by understanding the key principles of the GDPR regulation.

"No matter where you are based in the world, if you want to do business within the EU, you will need to comply with the GDPR."

Understanding GDPR Compliance

The GDPR affects security professionals in two key areas: reporting data breaches and data protection by design. Organizations are subject to a specific obligation to build data protection considerations into their service, process, or product from the onset of operations — and not as an afterthought, as is often the case.

Under the GDPR, it is fundamental that, in the event of a breach, a business must be able to identify when the compromise occurred and understand how attackers defeated organizational defenses. Given the considerable penalties, failing to build this capability could end up being financially crippling to companies affected by the GDPR.

Reporting Data Breaches

This regulation dramatically raises the bar on data breach reporting, requiring organizations to notify the supervisory authority within 72 hours of becoming aware of the breach. Organizations must urgently review their operational and technological arrangements to satisfy this GDPR requirement.

Data Protection by Design

Under the GDPR, data protection and processing safeguards must become part of the DNA of all systems and processes. Privacy must be one of the pillars of new application development and new processes, and not an afterthought or a last-minute workaround.

GDPR Applicability

The GDPR is a major change to the way EU personal data should be processed. The GDPR is also universally applicable; if organizations want to do business in the EU, they will need to comply with the GDPR. In response, security teams need to develop a number of capabilities to meet the demands of the GDPR around breach reporting and data protection by design.

Accountability for Breach Reporting

In 2017, it took organizations an average of 101 days to detect a compromise. Once detected, organizations spent an average of a week to respond. This represents a huge risk in light of the GDPR’s reporting requirements and the possible penalties that could follow.

Organizational Changes

The GDPR calls for the introduction of a number of organizational changes to manage data. These may include staffing additions, such as appointing a data control officer and a data processor officer. A data controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. A data processor is the natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Making the GDPR Manageable

Depending on the severity of the infraction, noncompliance with the GDPR can result in formidable consequences, including fines of up to €20m or four percent of an organization’s global annual revenue — whichever is greater. At first glance, GDPR compliance might seem intimidating. But, with some planning, it can be an achievable goal. Download the infographic to learn how your security team can effectively manage GDPR requirements.