Although the GDPR is an EU law, it applies to entities around the world: any organization that controls or processes personal data on individuals in the EU, as well as companies that provide goods or services to individuals in the EU or monitor their behaviour, must comply. A study showed that 92 per cent of U.S. companies consider the GDPR a top data protection priority.
This complex law covers both data management – that is, collection and processing – and data protection. Keeping personal data secure is a key element of data protection, and the GDPR includes specific security-related language in certain articles and recitals. Because endpoints play a key role in organizational security, this paper focuses on how Palo Alto Networks® Traps™ advanced endpoint protection can enable security, risk and compliance teams to protect data in their efforts towards GDPR compliance.
Five Key Security Provisions Related to Endpoint Protection
Several sections of the GDPR speak to security. The most important sections relating to endpoint security are the following:
- Recital 39: “Personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including for preventing unauthorized access to or use of the personal data …”
- Article 5(f): “Personal data shall be … processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).”
- Recital 78: “The protection of the rights and freedoms of natural persons with regard to the processing of personal data requires that appropriate technical and organizational measures be taken … The controller or processor should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.”
- Recital 83: “In order to maintain security … the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks … Those measures should ensure an appropriate level of security, including confidentiality, taking into account the state of the art and costs of implementation …”
- Article 32: “Taking into account the state of the art … [organizations] shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.”
How Traps Helps Security Teams in Their Journey to GDPR Compliance
Traps can assist in the journey to GDPR compliance in five ways that address the aforementioned provisions: preventing unauthorized access; preventing unauthorized or unlawful processing and accidental loss, destruction or damage; applying data protection by design and by default; facilitating risk mitigation; and accounting for state-of-the-art technology.