GDPR Compliance and Risk Management Solutions
MANAGE YOUR GDPR COMPLIANCE WITH OUR TECHNOLOGY-POWERED SOLUTIONS
IS YOUR BUSINESS GDPR-READY?
WHAT DOES GDPR MEAN FOR YOUR BUSINESS?
The General Data Protection Regulation (GDPR) is one of the hottest topics at the moment and the most anticipated legislation in recent years. It came into effect on 25th May 2018. The aim of the regulation is to better address the protection of personal data, defined as any data that can be linked, directly or indirectly, to an individual, making it a game-changer for IT businesses worldwide. At its core, GDPR is a mandate governing businesses that have access to the personal data of clients residing in the EU, and how they protect that access.
Speak to us about how we can help make sure your business is GDPR-compliant, thus avoiding the potentially hefty penalties associated with failing to comply with this new regulation, as well as the risk of reputational damage to your business should it suffer a data breach.
The European General Data Protection Regulation (GDPR) is designed to harmonise the current data protection laws in place across the EU member states. It introduces guidelines on how customer data should be stored and, most significantly, how companies must respond in the event of a data breach.
Under the GDPR, companies can be fined up to €20 million or 4% of their global turnover, whichever is higher, if their data is compromised. However, this is arguably the tip of the iceberg when it comes to the total cost of the breach once knowledge of it becomes public. When a data breach occurs, companies have 72 hours to inform the regulator and are also required to inform individual data subjects of data breaches ‘without undue delay’. Under the EU General Data Protection Regulation, no business will be able to hide a breach from the public eye. For data security professionals, the pressure is on to prevent data loss incidents from happening in the first place and ensure that your business won’t be making the next big data breach headlines.
DO YOUR USERS HAVE THE TOOLS TO COMPLY WITH GDPR AND OTHER DATA PROTECTION REGULATIONS?
COMPLY WITH DATA PROTECTION AND PRIVACY REGULATIONS
Strengthen your data protection compliance program by making users a key part of your strategy. Computime solutions help organisations comply with data protection and privacy regulations such as the current EU Data Protection Directive 95/46/EC, the forthcoming General Data Protection Regulation (GDPR), and EU member state data protection legislation.
IDENTIFY PERSONAL DATA
Identify personal data stored in email and documents so that your organisation can apply the appropriate controls to protect that information. With support for automated, system-suggested, or user-driven classification, Computime solutions provide an intuitive workflow built into the user’s familiar desktop and mobile applications.
PREVENT DATA LOSS
Identify and protect personal information stored in unstructured data, including national identification numbers, health information, and credit card numbers. As users handle email and documents, Computime’s solutions enforce data protection policy and provide targeted, interactive education so that users are accountable for protecting sensitive information.
ADDRESS INSIDER THREAT
Enforce security controls to prevent users from disclosing personal data to unauthorised recipients. Computime’s solutions provide multiple levels of protection, from policy warnings and security education, to locking down content with encryption and RMS. Computime’s classification metadata can also be used by DLP solutions to recognise and protect your sensitive information.
BALANCE DATA PROTECTION AND WORKER PRIVACY
Comply with worker privacy laws, such as European Works Councils Directive 94/45/EC, by monitoring work-related data only. Computime solutions enable users to identify email and documents as “Employee Private,” so that content scanning systems can focus on work-related information and ignore the user’s personal files.
SHARE INFORMATION WITH CONFIDENCE
Balance information sharing with information protection, so that your organisation can collaborate with partners, customers and citizens, without putting your organisation at risk. Computime’s data classification and policy enforcement solutions provide the foundation to enable secure collaboration from desktop to mobile device.
STOP THE MAIN CAUSE OF DATA LOSS – YOUR ENDPOINTS
Stop malware and ransomware, and keep your data secure if laptops or mobile devices are lost or stolen. Computime can provide full endpoint security solutions that offer not only traditional anti-virus malware protection, but also anti-bot, anti-ransomware and zero-day protection, plus device full disk encryption and media encryption. You can safely encrypt hard drives, removable media, files and email using the industry-recognised FIPS 140-2 Validated 256-bit AES encryption standard for assured security. This is coupled with anti-malware and zero-day protection for mobile devices.
STOP THREATS AT THE NETWORK PERIMETER
Block data-stealing attacks before they get to your devices and automatically encrypt or deny emails containing sensitive files. Next Generation Firewalls with IPS and Application control mechanisms stop attacks and malicious traffic at your organisation’s perimeter before they can reach your network. Email Gateway solutions automatically encrypt sensitive email attachments and block malicious emails from entering your company, and Web gateways protect your users from accessing malicious content found in websites.
MONITOR FOR INSIDER THREATS
Insider threats pose significant risks to your organisation. An insider threat can be anyone who has access to a business system, including internal permanent staff, contractors, temporary staff, partners, and former staff. This means that everyone, including managers and executives, should be equally scrutinised. Computime offers solutions for Privileged User Monitoring and advanced User and Entity Behavior Analytics (UEBA) that work to detect insider threat activity, as well as help track an attack progressing through the Cyber Attack Lifecycle stages.
MONITOR THIRD PARTIES
Vendors, contractors, and partners can help you get the job done, but they can also introduce insider threat risk to your organisation. Computime offers Privileged Session Manager solutions that enable organisations to isolate, monitor, record and control privileged sessions on critical systems including Unix and Windows-based systems, databases and virtual machines. The solution acts as a jump server and single access control point, prevents malware from jumping to a target system, and records keystrokes and commands for continuous monitoring. The resulting detailed session recordings and audit logs are used to simplify compliance audits and accelerate forensic investigations.
USE TWO-FACTOR AUTHENTICATION TO COMPLY WITH GDPR
A recently published study from ENISA, the European Union Agency for Network and Information Security, which advises member states and private sector organisations on implementing EU legislation, provides guidelines on how to take the appropriate measures to comply with the General Data Protection Regulation (GDPR). ENISA’s recommendations include two-factor authentication and mobile application security as technical measures in high-risk situations.
In the area of access control and authentication, ENISA recommends implementing two-factor authentication in high-risk cases and in certain medium impact cases, as follows: “Two-factor authentication should preferably be used for accessing systems that process personal data. The authentication factors could be passwords, security tokens, USB sticks with a secret token, biometrics etc.”
HAVE A SOC – CENTRALISED SECURITY LOGGING AND INCIDENT RESPONSE
Know how to prioritise and respond to the myriad of alerts your security products generate on a daily basis by implementing a SIEM solution, ideally with a Compliance Module offering a robust, pre-built suite of rules, alerts, and reports specifically mapped to GDPR Articles.
DE-IDENTIFY ANY PERSONALLY IDENTIFIABLE INFORMATION OR OTHER SENSITIVE DATA
Prevent data leakage by anonymising any Personally Identifiable Information (PII) in all data flows. De-identify sensitive data without a negative impact on marketing, business intelligence, or other vital business functions. Computime offers solutions for the pseudonymisation and anonymisation of data. According to the GDPR, pseudonymisation may facilitate the processing of personal data beyond the original collection purposes. When done properly, anonymisation places the processing and storage of personal data outside the scope of the GDPR.