GDPR Compliance

GDPR Compliance is at risk with 3rd Party providers

GDPR Compliance Management is more complex with the increased use of 3rd Party providers

Security and GDPR Compliance risks from third parties are on the rise. A security compliance study found that 56 percent of companies admitted to a security incident caused by a third party.

With GDPR now in place, security of third-party vendors and consultants is more important than ever. Their security failure will impact your company and could result in a breach of your data.

So how do you approach third-party security in a GDPR world? The first step is to know who your vendors are, and which other outsiders have access to your network, and to sort them into tiers based on the level and volume of data they can access; that tiering determines which ones are the most critical. Companies need to know who has any access to their data and get an accurate understanding of exactly what information they can access, why, and how often. With this information in hand, you can then develop an accurate response plan.

GDPR compliance plans should also take into consideration all of your third-party vendors. Thus, when establishing a dedicated Data Privacy Officer (DPO), that person will help the company meet GDPR requirements and should keep tabs on third-party practices and data systems as they affect your business. Lunetta added:

To support the DPO with additional expertise on making decisions such as, “We need X solution to address Y compliance/security requirement,” it’s imperative for IT security teams to conduct regular self-assessments for uncovering gaps and determining options for remediating them.

GDPR Tips

Some tips for ensuring that your third parties are staying in GDPR compliance:

  • Address cybersecurity governance – it’s one thing to invest in security solutions that help protect personal data, but another to use them in a manner that is also GDPR-compliant.
  • Access Policy Governance – Having robust access controls isn’t good enough to comply with GDPR. Instead, you also need a set of policies that can be defined, implemented and enforced around how your enterprise controls access to personal data.
  • Pay attention to privileged users – Users such as systems administrators can circumvent standard controls inside of an application or a database. Identify those users, establish governance controls, and implement enforcement mechanisms through technology solutions such as network access control.

Victor Janulaitis
M. Victor Janulaitis is the founder and CEO of Janco Associates. His focus and that of the firm is the management and support of IT professionals improving infrastructure. His expertise is in organizational infrastructure, security, cost control, disaster recovery business continuity; information privacy; and staff development.

Mr. Janulaitis has been an expert witness in several employment and termination lawsuits. He is considered an expert on discrimination, job content, compensation, and employee performance.