Companies in Europe today are focused on GDPR compliance. The smart ones are approaching the preparation for future compliance in a methodical and phased way, beginning with an assessment of the current data protection measures in place and identifying gaps or other threats to data security. The legislation is incredibly hostile to business, yet it is a natural evolution of our changing society and of the balance that is constantly negotiated between industry and technology and their impact on people’s lives. What is alarming about the GDPR legislation, as it is written, is the hidden risks that will threaten companies that believe themselves compliant but may unwittingly be missing the bar for compliance.
The new law is focused on corporate actions required after the discovery of a breach, but fails to adequately define what constitutes a ‘reasonable’ period of time to discover a breach. Enterprises that are relying on defensive technologies alone – whether traditional defenses like endpoint protection and whitelisting or more modern defenses like EDR and SI (Security Intelligence) analysis tools – will face problems.