The General Data Protection Regulation (GDPR) goes into effect in just three short months. Though it’s been a long time coming, industry reports estimate that more than 50 percent of companies affected by the GDPR will not be in full compliance with its data protection requirements by the May 25 deadline.
Many of these organizations have chosen to take a “wait and see” approach, observing how the rules will actually be enforced and who will be found in violation before they make widespread changes to their security programs. This is a misguided strategy that could result in crippling fines—up to four percent of company turnover.
Imagine, for example, if the recent Uber breach would have occurred after the GDPR went into effect. Post-breach analysis of the breach revealed a significant lack of security controls necessary to prove compliance with the regulation. This case likely would have resulted in a massive, multi-million dollar fine as it involved personal data of nearly 60 million customers and drivers and went unreported within the GDPR-mandated 72-hour timeframe.
Operational control over who has access to personal data is at the heart of complying with the GDPR. Essential to gaining that operational control is strong privileged account management. Time is indeed running short, but there is still time to address the gaps and protect your organization from financial penalties and liability by taking advantage of the tools you already have in place. Our at-a-glance matrix outlines how CyberArk customers can leverage components of the CyberArk Privileged Account Security Solution to address several key, required controls.
For other helpful checklists, solution briefs, eBooks, advisories and more, check out our library of free GDPR resources.