Today is the day. After all the build-up, the GDPR deadline is officially here. From the inevitable next breach, we will more fully understand how well organizations prepared and the implications of this far-reaching regulation.
The regulation is designed to better address the protection of personal data, so much of the buzz around GDPR has been focused on end-users. Of course, GDPR goes much deeper than that. At the heart of GDPR compliance is a mandate to manage who has access to personal data and how that access is protected. CyberArk’s David Higgins shares an example in this week’s CRN piece, 10 Security Experts On What the Industry Doesn’t Get About GDPR, noting, “The hidden layer of any organization are the IT administrators since they have access to the data needed to the keep the lights on and the systems running. For this reason, attackers looking to steal data often target IT administrators rather than human resources or finance leaders since the former usually have access to more valuable data.”
A strong privileged access security strategy, which provides end-to-end protection of privileged accounts, credentials and secrets that have access to the systems and applications containing personal data, is critical to ensure your organization’s IT administrators do not find themselves in the cross-hairs of regulators. A sound strategy will also help you to avoid the financial penalties and liabilities associated with GDPR.
Over the past year, we’ve worked closely with our customers and partners to help prepare for the GDPR. As you continue on your compliance journey, tap our comprehensive library of free GDPR resources available to help you mitigate risk, avoid potential fines and liability and, most important, implement a stronger enterprise security posture moving forward.