GDPR Management for Email: New Resources 

Blog Post created by user.W5wIBL9gRo Employee on Apr 6, 2017

Achmad Chadran is Senior Product Marketing Manager, Archiving, at Mimecast. He's been in awe of the brilliance, patience, and tolerance of his coworkers since coming on board in April of 2016.

 

There’s been some discussion on Mimecaster Central lately about the forthcoming General Data Protection Regulation (GDPR).

When implemented, its impact will be far-reaching, since any organization anywhere in the world that retains or processes EU residents’ personal data will be subject to its provisions. The regulation places EU residents squarely in control of their own personal data. The heavy burden placed on organizations as a result comes primarily from two processes: Subject Access Requests (SARs) and so-called “Right to be Forgotten” (RTBF) requests.

 

GDPR and Cybercrime

Surprisingly, little has been said about the challenges of overhauling privacy in the current era of phishing and ransomware. The combination of growing regulatory burdens and an increasingly volatile threat landscape puts organizations in a double bind. The GDPR emerged in part as a response to the growing cybercrime threat, yet its directives to retool organizational policies, processes, and structures stand to compound the burdens of well-intentioned organizations.

 

Email at the Epicenter

 

Over 90 percent of phishing cybercrime exploits begin with email, making it the single biggest threat vector to organizations and the data they manage. Furthermore, not only is email a common vehicle for sharing and exchanging personal data, but email servers are also prime repositories for data such as names, email addresses, and associated contact information.

 

Managing GDPR risk starts with securing your data and infrastructure against the litany of email threats mentioned above. In addition, to meet GDPR mandates for reporting on and deleting personal data upon request, your email infrastructure needs to streamline search and e-discovery.

 

Finally, every user in your domain must be vigilant against the onslaught of email-based attacks, and play a vital role in notifying your Data Protection Officer (DPO) of any suspected privacy breaches.

 

To help guide your journey to GDPR compliance, download the Osterman Research whitepaper, GDPR Compliance and its Impact on Security and Data Protection Programs.

 

Additionally, to help you be successful in the GDPR era, we’ve set up a solution page on our website, GDPR for Email, with a mix of third-party materials and our own Solution Brief. We fully anticipate adding to this page in the coming months!
