Friday, May 25, marks the official start of the European Union's General Data Protection Regulation (GDPR) -- a sweeping legal framework that offers expanded privacy protection for European citizens, as well as stiff penalties for those businesses that violate these new laws.
While two years in the making, enterprises will now have to confront these new rules head-on, while preparing for more changes to come. GDPR is expected to serve as a blueprint for other countries, most notably China, which are also considering new privacy protections for their own citizens.
For the past several months, businesses of all sizes have struggled to prepare for today, updating their IT to meet new compliance and data governance rules, but it's clear that many are not ready for what's ahead.
Steve Durbin, the managing director of the non-profit Information Security Forum, believes that most enterprises have adopted a "defensive position" in the weeks leading up to the GDPR deadline. This includes subject access requests, impact assessments and policies that cover collecting data from employees, customers and third parties.
Still, there's more to do.
"Businesses should be able to at this point demonstrate implementing at least the spirit of the regulations around things like transparency, purpose and lawfulness, but then you have to get to the stage where you ask, 'Where do we go from here?' " Durbin said in an interview with Security Now. "If you do an assessment and find you are in good shape, you can go to phase two and starting next week, you can start implementing this across the business."
To help our readers prepare for GDPR and all that it entails, Security Now has published numerous stories over the past six months so that security and IT pros, as well as the enterprises that they work for, can gain a better understanding of what these new rules mean and how they will affect their jobs both now and in the future.
Over these months, Security Now has published stories on how network firewalls can help with GDPR, what larger tech giants such as Microsoft and IBM are doing to prepare, as well as tips to ensure your website is compliant.
Here's our complete list of stories that can serve as your guide to GDPR on this first day: