Within organizations across the globe there is heightened anticipation and preparation for compliance with the General Data Protection Regulation (GDPR). With this formal set of obligations for organizations processing the personal data of people in the EU, compliance is mandated by May 25, 2018. Even as we inch closer to that deadline, navigating the information and mandates contained within the GDPR continues to strain teams who have not previously adopted a sophisticated approach to compliance. Evident has launched a new compliance report that will help organizations maintain continuous and automated insight and control of their cloud environments to assist them in protecting personal data in the cloud within the structure of the GDPR.
At its foundation, GDPR addresses data privacy. That may seem like a fairly simple, high-level goal, but the challenge for organizations is to figure out how to use the regulation to map their processes and practices so that personal data is handled and transacted in a secure way. The regulation is intended to help individuals by ensuring stronger data privacy, but it also aims to simplify regulatory compliance for businesses and organizations. Within this simple goal is a lot of complexity, and finding a way to ensure compliance is taxing the workloads of many who operate highly connected cloud environments (note that hefty fines of up to €20,000,000 or 4% of an organization's annual global turnover, whichever is higher, can be levied for GDPR violations, including personal data breaches). Ensuring they can maintain a highly optimized development and business environment in the midst of the regulation and the need for rigorous security is going to require a continuous effort.
GDPR is shining a bright light on data security and putting more pressure on organizations to take steps to avoid personal data breaches and other mishandling of personal data. Compliance in the cloud is challenging because of the cloud's dynamic state, and the only way to truly capture all the activity and changes is with continuous monitoring.
To maintain a level of security appropriate to the risk in the cloud, you need to automate the monitoring and assessment of your security to be sure you’re always leveraging best practices that make it hard for the bad guys to compromise your cloud infrastructure. In doing so, organizations create a layer of awareness and control over their data that can put them in the best possible position to ensure their controls and overall security posture meet GDPR’s requirements.
The new Evident compliance report helps to identify whether AWS services are appropriately configured to protect personal data against accidental or unlawful destruction; or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access. Essentially, it identifies potential and existing issues with a cloud environment and data privacy, to assist organizations in adopting specific AWS security controls that address their GDPR security responsibility. Security controls can be assessed against many other industry and regulatory compliance frameworks (PCI, HIPAA, NIST, SOC 2, and others) using Evident, or you can create your own custom compliance report that measures the various security commitments you’ve made to your business. Every organization has controls for security, and Evident automates the inspection of the controls — and can even help automate the remediation of risks.
By using the Evident GDPR Report, organizations get the benefit of an automated approach to security compliance monitoring. With the May 25 deadline approaching, it can deliver a new, comprehensive way of documenting vigilance and appropriate security over their cloud data and that of their customers and other stakeholders.