Think compliance is an optional cost of doing business? Think again (or pay dearly).
The EU’s General Data Protection Regulation (GDPR) takes effect May 25, 2018. If you’ve planned for GDPR, have a tested infrastructure in place and are not stressing over meeting privacy objectives — congratulations! You can stop reading now, as you are likely among the 17 percent of respondents who have no concern, as found in a recent Ponemon study.
Results from The Need for a New IT Security Architecture: Global Study on Compliance Challenges & Security Effectiveness in the Workplace, Ponemon Institute, March 2017
According to the study, organizations worry about potential fines if they are not in compliance with GDPR:
- While 67 percent of respondents are aware of GDPR, only about half of organizations represented in this research have allocated budget and started to prepare for these new regulations.
- Of those respondents who are aware of the GDPR, the biggest concern is the potential fine of up to 100 million euros, or 2 to 4 percent of annual worldwide revenues, whichever is greater.
- 74 percent of respondents say complying with the GDPR will have a significant and negative impact on their organizations, such as large potential fines and increased territorial reach of the regulations.
- Another major worry is that their businesses outside the EU will also be impacted by the regulation.
OK, so the GDPR is a big deal, it’s got global impact, it’s coming up relatively quickly — and many aren’t adequately prepared. Get through the “7 Stages of Grief” quickly and let’s focus on options for delivering what the GDPR calls “Data Protection by Design and by Default.” Compliance is no longer optional, and results must be defensible.
The GDPR mandates the implementation of appropriate technical and organizational measures, including pseudonymisation, data minimisation, and controls around data collection, processing, storage, and accessibility. The apparent goals are to define privacy policies, obtain consent for legitimate use of personal data and to ensure companies are taking steps to mitigate the risk of damaging data breaches.
A new IT security framework is needed to address the challenges of international regulations.
The new IT security framework recommended in the Ponemon study can be implemented today using application and desktop virtualization, combined with data containerization and enclaving to mobilize data while retaining control over its distribution. Lifecycle management of sensitive data is further strengthened through digital signatures, digital watermarks, contextual access, information rights management and country- and region-specific data protection requirements.
Our situational approach to security and compliance centers on four key tenets:
- Whenever possible, centralize apps and data in the data center or cloud so sensitive enterprise data is not stored on devices.
- When sensitive data must be distributed, mobilized or utilized offline, ensure it is protected in a secured enclave.
- Precisely control access to resources with context-aware policies based on user, device, location, application and data sensitivity.
- Provide visibility and management capabilities that unite your entire IT infrastructure to deliver application and data-specific security.
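To make the second and third tenets concrete, here is an added example (written for this page, not Citrix product code) of a context-aware access decision. It takes the signals the tenets name (user role, device posture, location, application and data sensitivity), prefers serving the data centrally, releases it to a managed enclave only when the request is offline and the context is trusted, and returns an audit record so every decision is visible. The roles, clearance tiers, trusted locations and thresholds are constructed assumptions for the demo; a real deployment would feed them from identity, device-management and data-classification systems.

```python
"""Context-aware access policy evaluation (illustrative, not Citrix code).

Assumptions (constructed for this example): the role-to-clearance map,
the set of trusted locations, and the sensitivity tiers below.
"""
from dataclasses import dataclass, asdict
from enum import IntEnum
from typing import FrozenSet, Tuple


class Sensitivity(IntEnum):
    """Ordered data-sensitivity tiers; PERSONAL covers GDPR personal data."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    PERSONAL = 3


@dataclass(frozen=True)
class AccessContext:
    user: str
    roles: FrozenSet[str]
    device_managed: bool      # enrolled and compliant endpoint
    device_encrypted: bool    # full-disk or container encryption present
    location: str             # e.g. "office", "vpn", "home", "public-wifi"
    application: str
    data_sensitivity: Sensitivity


# Possible decisions: keep data central, mobilize into an enclave, or deny.
ALLOW_CENTRAL = "allow-centralized"   # virtualized app; nothing stored on device
ALLOW_ENCLAVE = "allow-enclave"       # data may be mobilized into a managed container
DENY = "deny"

# Constructed assumption: highest sensitivity each role may handle.
ROLE_CLEARANCE = {
    "staff": Sensitivity.INTERNAL,
    "analyst": Sensitivity.CONFIDENTIAL,
    "dpo": Sensitivity.PERSONAL,
}

# Constructed assumption: networks from which offline mobilization is tolerated.
TRUSTED_LOCATIONS = {"office", "vpn"}


def clearance_for(roles: FrozenSet[str]) -> Sensitivity:
    """Highest clearance granted by any of the user's roles (PUBLIC if none)."""
    return max((ROLE_CLEARANCE.get(r, Sensitivity.PUBLIC) for r in roles),
               default=Sensitivity.PUBLIC)


def evaluate(ctx: AccessContext, offline_requested: bool = False) -> str:
    """Default-deny policy: every allow path must be explicitly earned."""
    if ctx.data_sensitivity > clearance_for(ctx.roles):
        return DENY
    # Confidential or personal data never leaves the data center for an
    # unmanaged device, even when served through a virtualized app.
    if ctx.data_sensitivity >= Sensitivity.CONFIDENTIAL and not ctx.device_managed:
        return DENY
    if not offline_requested:
        # Tenet 1: serve centrally whenever possible.
        return ALLOW_CENTRAL
    # Tenet 2: offline use only inside an enclave, only from a trusted
    # location on an encrypted, managed device, and never for personal data.
    if (ctx.device_managed and ctx.device_encrypted
            and ctx.location in TRUSTED_LOCATIONS
            and ctx.data_sensitivity < Sensitivity.PERSONAL):
        return ALLOW_ENCLAVE
    return DENY


def decide_and_log(ctx: AccessContext, offline_requested: bool = False) -> Tuple[str, dict]:
    """Tenet 4: return the decision together with an audit record of the inputs."""
    decision = evaluate(ctx, offline_requested)
    record = asdict(ctx)
    record["roles"] = sorted(ctx.roles)
    record["data_sensitivity"] = ctx.data_sensitivity.name
    record["offline_requested"] = offline_requested
    record["decision"] = decision
    return decision, record


if __name__ == "__main__":
    # Constructed sample request: an analyst on a managed laptop in the office.
    req = AccessContext("alice", frozenset({"analyst"}), True, True,
                        "office", "claims-app", Sensitivity.CONFIDENTIAL)
    print(decide_and_log(req, offline_requested=True))
```

The ordering of checks matters: clearance and device posture are evaluated before any allow path, so a request that fails either is denied regardless of location or application, and personal data is never eligible for enclave mobilization at all.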
The result is a simplified approach that delivers compliance and strengthens security without impeding productivity. This approach to compliance using Citrix solutions has been validated across government, financial services and healthcare industries, including the rigors of PCI-DSS and HIPAA compliance.
Organizations worldwide trust Citrix for compliance. To learn more about our solutions and how we help our customers stay secure and compliant, visit citrix.com/secure.