The countdown is drawing to an end. May 25 looms on the horizon and adapting to the GDPR has gone from being a task that needs to be addressed in the future to an imminent obligation. Failing to comply with the new European regulations will incur fines of up to €20 million, considerable compensation for users whose personal data security has been breached, loss of business and other negative consequences.
Now more than ever, the onus is on companies to take care of the data they handle and ensure it is protected in line with the stipulations of the GDPR. The first step is to locate all personally identifiable information (PII) of EU citizens and identify the reason why it is stored or processed, where it is stored, who has access to it, with whom it is shared, etc.
Unstructured data: a risk for all companies
Unstructured data makes compliance with the GDPR difficult precisely because it is not easily organized or processed. It is a set of raw and disorganized data that cannot be stored in predefined relational data structures. Examples of this type of data include email messages, PDF files or spreadsheets. Due to its unorganized nature, this data represents a major challenge when it comes to complying with the requirements of the GDPR and it is continuously increasing. According to International Data Corporation (IDC), unstructured data spread across servers and the devices of employees and collaborators (partners, consultants, etc.) accounts for approximately 80 percent of all corporate information. Just as this type of data is growing, so the risk to organizations doubles every year.
Add to this the fact that recently the number of cases of data exfiltration has increased exponentially. It is clear that having a security solution that enables you to meet these two great challenges is no longer optional.
Monitoring sensitive data
Our solution Panda Adaptive Defense helps comply with some of the main articles of the GDPR, thanks to the Panda Data Control security module, which discovers, audits and monitors unstructured personal data on corporate endpoints: from data at rest to the processing of data and data in transit.
For example, with respect to the security of processing (Article 32), Panda Data Control offers tools to validate -in real time and retrospectively- if the PII is accessed only by authorized personnel and also whether the policies established by a company are adequate. In addition to the large amount of information and detailed graphs provided to aid compliance with this article, this module also provides a series of reports focused on PII exfiltration (files at greater risk, actions on files at risk, users or computers involved in a case of data exfiltration, etc.). It highlights, for instance, the top 10 computers where malicious processes have been detected accessing personal information. In this way, a company can anticipate potential security incidents and comply with the obligation to report personal data security breaches to the authorities, as set out in Article 33 of the GDPR.
Thanks to these reports, Panda Data Control also allows organizations to carry out a data protection impact assessment, as required by the regulation when it is likely that a data processing operation could suppose a ‘risk to rights and freedoms of natural persons’. Our solution gives companies the ability to identify the quantity, type, volume and use of personal information, and as such enables the assessment of impact and risk in the processing of PII. One of the widgets, for example, helps monitor which users most frequently carry out actions on files with personal data.
One of the new features in the GDPR is the introduction of the figure of the DPO (Data Protection Officer). The duties of this official include, among others, supervising compliance with the regulation and advising on impact assessment in relation to data protection. Panda Data Control represents a great tool in order to execute the functions of the DPO thanks to the reports and information panels described above.
If your company collects and stores the personal data of EU citizens, then the GDPR concerns you. So if you are still unsure whether your company complies with the new regulation, it is time to implement security solutions that give you greater visibility and control of all personal data, including unstructured data, and strengthen your security. Precisely with this in mind, we have created Panda Data Control to simplify GDPR compliance and have integrated it in our advanced cybersecurity solution for companies, Panda Adaptive Defense.