The new European Union General Data Protection Regulation (GDPR) deadline is May 25, 2018, and despite that date quickly approaching, research shows many companies still aren’t ready. If they remain non-compliant, companies will face a fine up to 4 percent of annual turnover or €20 million (whichever is greater) per breach or issue related to lack of compliance.
With changing regulations, we see that digital security is no longer just an IT issue, it’s a business continuity requirement. You can be proactive and take steps today to become compliant and avoid fines.
Protecting Privacy, Data, and Rights for EU Residents
The main purpose of the GDPR is to protect the personal data for EU residents. The regulation aims to help everyone know:
- Why certain information needs to be provided
- How personal information is being used
- Who has access to sensitive information
- That each individual has control over their data
The territorial scope for GDPR is the biggest change. At first, GDPR compliance was only applied to organizations located within the EU, but new requirements extend the scope to all companies processing personal data of EU residents—despite the location of the company who is processing or handling the data.
The Cost of Data Breaches
Breaches that result in data exposure cause irreparable damage to companies’ reputation and are costly with incident response, remediation, impact assessment, insurance, legal fees, and settlements all associated.
Once GDPR goes into effect, breached companies will face additional fines determined on a tiered level, according to the type of breach, amount and type of data exposed, notification, remediation, and response. As mentioned previously, such fines will be up to €20 million or 4 percent of organization’s annual turnover.
Main Causes of Data Breaches
According to Verizon’s 2016 Data Breach Investigation Report, the most common causes of breaches were:
- Lack of encryption
- Lack of security when handling confidential information
- Unpatched systems and lack of system segmentation
- Lack of consent and permissions management, generating back ways to access information
- Lack of strong log-in credentials
- Lack of identification of devices accessing network
In only 4 percent of the reported data breaches, encryption was used, and that data rendered useless to cyber criminals. Strong log-in credentials and using PKI certificates for multi-factor authentication in critical systems have also proven to be effective in increasing security, preventing unauthorized access, and avoiding data exposure even in the event of breaches.
How DigiCert Can Help with GDPR Compliance
The DigiCert enterprise certificate management platform, CertCentral®, can help you and your company streamline digital certificate management and make sure each certificate meets security requirements, by ensuring you’re using the the most up-to-date algorithms, preventing vulnerabilities and the use of weak of obsolete cyphers.
Using the DigiCert platform, you can order and manage:
- Public SSL certificates for public domains
- Private SSL certificates for internal domains, systems, hosts, and endpoints
Client certificates for email signature, email encryption, user authentication, and device authentication
CertCentral integrates by default with the DigiCert Certificate Inspector. The agent can be deployed externally and internally to build an inventory of all your certificates, despite issuing CA, including self-signed certificates (e.g., Microsoft CA). The agent scans your network to find vulnerabilities related to certificates and endpoint configurations.
The DigiCert RESTful API allows you to fully integrate processes, automate provisioning and management, and customize solutions to fit your needs.
Different from other CAs, we aren’t a certificate factory—we are a security partner to our customers, helping them secure their data, as well as their customers’ data.
Act today to meet the GDPR compliance deadline and save your organization stress and costly fines. Protect your most valuable assets: your customers and their data.