According to RSA, a global cyber security company delivering Business-Driven Security solutions, ultimately, the EU’s General Data Protection Regulation is not just a governance, risk and compliance issue.
And RSA says GDPR spans the full enterprise and forces companies to adopt a healthier privacy and security risk posture in four critical areas: risk assessment, breach readiness, data governance, and compliance management.
“We used to live in a world where executives ran the business, IT ran the infrastructure, security set the perimeter, and compliance made the rules, but regulations like GDPR are breaking down those old walls,” said Rohit Ghai, president, RSA.
Ghai says RSA offers a combination of products and services across these domains, including two new use cases in the “market leading” RSA Archer Suite:
- The RSA Archer Data Governance use case is designed to assist organisations in better documenting data governance requirements to improve support for data-centric regulations, such as HIPAA, GLBA and GDPR.
- The RSA Archer Privacy Program Management use case is designed to enable organisations to holistically manage privacy programs and align processes with regulations, including privacy assessments and regulatory case tracking.
Ghai says Article 33 of the GDPR regulation outlines specific requirements for notification of a personal data breach to the supervisory authority, which makes having a full understanding of the details of a data breach paramount.
“The goal of any security team is to prevent these kinds of breaches, but breaches can still occur. As a result, many data protection requirements focus on breach response and reporting.
“Additionally, GDPR requires notification to regulators, generally within 72 hours of becoming aware of an actual breach. Released earlier this summer, the newest edition of RSA NetWitness Suite is designed to scan your entire infrastructure for indications of an attack, and uses behavioural analysis and machine learning to help better understand the scope and nature of a breach with improved visibility into the attack sequence, enabling faster notification.”