What some experts are saying about GDPR
App Developer Magazine
Christian Hargrave, in Security, Friday, May 18, 2018, 7:49 AM
Tags: GDPR, Data Protection, Data Security

Security experts weigh in on GDPR and talk about how companies residing in the EU can make the compliance adaptation.

The GDPR bill is causing an uproar in the industry as the compliance date draws ever nearer, yet few can say they actually know much about the bill, which comes into force on May 25th.

GDPR, or the General Data Protection Regulation, is an expansion upon the EU’s previous Data Protection Act of 1998, extending its territorial reach from whichever jurisdictions chose to apply it loosely to a full-fledged mandate binding all members.

What GDPR compliance means:

  • Breach Notification: Companies that suffer a data breach must notify everyone affected by the leak within 72 hours
  • Right to Access: All personal data held by a data controller can be requested by an individual and must be presented to that individual in an electronic format
  • Right to be Forgotten: Any individual can ask a company to remove the data it holds on them from its databases
  • Privacy by Design: Data protection must now be built into all systems. Controllers may only process data that is strictly necessary to carry out their duties, and access to personal data is restricted.


What experts are saying about GDPR:


Zerto:

“The quickly approaching GDPR deadline has many companies distressed about how to handle their customer data like never before. Despite a clearly defined compliance date since 2016, there is still a lot of uncertainty around it just weeks before, and this - combined with the threat of fines of up to $24 million - means many organizations are still wary of the impending regulation.

Affected companies need to ensure that their businesses are IT resilient by building an overall compliance program. By developing and maintaining a stable, unified and flexible model of infrastructure, companies can protect against modern threats. There are backup tools out there, namely continuous data protection (CDP), that can help companies combat and prevent the loss of data, ensuring the availability of replicated data for full IT resilience,” said Ziv Kedem, CEO, Zerto.

US Signal:

“GDPR compliance is a daunting task, especially with the deadline quickly approaching on May 25. The reality is that compliance and the heavy fines associated with non-compliance can be overwhelming, especially if you are not a GDPR expert. In fact, the US Signal 2018 Security ‘Health of the Nation’ Survey found that nearly half of respondents will not be ready to comply when the regulation goes into effect, or are unsure if it applies to their organization.

However, moving to an infrastructure provided by a managed service provider with GDPR compliance expertise is one solution. Service providers can offer a variety of GDPR-ready solutions, in addition to advice and education to ensure your business has the skills to manage and maintain its compliance. In the future, GDPR, and data protection in general, should now be part of all conversations with managed service providers, to ensure that compliance is a top priority and that companies don’t fall behind due to lack of internal resources,” said Matt VanderZwaag, director of product development at US Signal.

WhiteHat Security:

“GDPR applies to any company, inside or outside the E.U., that interacts with the data of European citizens. The world is recognizing how data is the lifeblood of applications. Privacy of this data, integrating security training and formalizing data boundaries all require applications to be secure by design. Just as there are multiple layers of security in the most secure buildings, we have to create the same level of insulation for our digital information.

By understanding how applications, both web and mobile, handle sensitive data and how they authenticate via best practices in development and operations, you can understand the context of data in use, and prove everything is being done to protect the data.

We are living in an API-first world, and it is increasingly important to create the right separation of concerns between personal data and application data. Companies like WhiteHat focus on this as a business, offering both dynamic and static application security testing (DAST and SAST) products to help customers know what information is visible externally while protecting the information they are allowed to collect.

For potential breaches stemming from web applications, DAST products can identify web application security risks with the ability to customize asset importance/ranking according to what privacy data it touches, and how to avoid potential privacy breaches. Further, to address training compliance, companies can implement eLearning, to provide individuals a path to learn how to code securely, and better comprehend general security awareness.

WhiteHat Security believes GDPR isn’t just about finding data - it’s about making certain it’s secure,” said Setu Kulkarni, VP of Corporate Strategy, WhiteHat Security.

Cloud 66:

“Cloud 66 believes in a holistic view of secure, compliant operations - empowering developers but approved by operations. Our tooling always provides an operational opinion for developers, combined with the opportunity for savvy users to assert as much control as they need. We believe compliance with GDPR criteria should include important operational details like alternate deployment models, fine-grained user access control, advanced secrets management, vulnerability minimization and scanning, ease-of-use with private registries, and various security tools,” said Khash Sajadi, CEO and Founder, Cloud 66.

WhereScape:

“More than ever, ensuring data is both identifiable and accessible is a dominating theme for companies on the path to GDPR compliance. The good news for tech companies is that, as the May 25 compliance deadline advances, businesses are investing in long-term data protection strategies. As an example, for businesses managing large data sets, investing in data infrastructure automation software can be extremely beneficial. Automation software can be used to automatically tag data, ensuring data is identifiable, auditable and quickly retrievable if an organization should receive a GDPR-related request for access. To protect their organizations and the customers they serve, companies must proactively invest in the data protection strategies and technologies needed to avoid the pitfalls, and corresponding penalty fines, associated with the GDPR,” said Neil Barton, CTO, WhereScape.

Sinequa:

“GDPR was created to ensure what its creators see as a fundamental right for EU citizens to protect their personal data. The penalties for non-compliance will be steep so organizations with EU operations or customers are understandably investing heavily in GDPR initiatives. But instead of seeing it only as a costly burden, organizations should view the regulation as an opportunity. With the challenge of quickly and accurately identifying and finding personal data, organizations with large datasets should embrace an information-driven approach that processes all relevant content and data from across the enterprise intelligently and securely into information that is contextual to the task at hand and aligned with each user’s goals. By extracting relevant information from enterprise data and using it for better decision making, organizations will be able to achieve superior customer service and operational efficiency, while at the same time complying with GDPR regulations,” said Scott Parker, director of Product Marketing, Sinequa.