There’s been some discussion on Mimecaster Central lately about the forthcoming General Data Protection Regulation (GDPR).
When implemented, its impact will be far-reaching, since any organization anywhere in the world that retains or processes EU residents’ personal data will be subject to its provisions. The regulation places EU residents squarely in control of their own personal data. The heavy burden placed on organizations as a result comes primarily from two processes: Subject Access Requests (SARs) and so-called “Right to be Forgotten” (RTBF) requests.
GDPR and Cybercrime
Surprisingly, little has been said about the challenges of overhauling privacy in the current era of phishing and ransomware. The combination of growing regulatory burdens and the increasingly volatile threat landscape put organizations in a double bind. The GDPR emerged in part as a response to the growing cybercrime threat, yet its directives to retool organizational policies, processes, and structures stand to compound the burdens of well-intentioned organizations.
Email at the Epicenter
More than 90 percent of successful cyberattacks begin with email, most often a phishing message, making it the single biggest threat vector to organizations and the data they manage. Furthermore, email is not only a common vehicle for sharing and exchanging personal data; email servers and archives are also prime repositories of such data as names, email addresses, and associated contact information.
Managing GDPR risk starts with securing your data and infrastructure against the litany of email threats mentioned above. In addition, to suit GDPR mandates for reporting on and deleting personal data upon request, your email infrastructure needs to streamline search and e-discovery.
Finally, every user in your domain must be vigilant against the onslaught of email-based attacks, and must play a vital role in promptly notifying your Data Protection Officer (DPO) of any suspected privacy breach, since the GDPR gives organizations only 72 hours from becoming aware of a personal data breach to notify the supervisory authority.
To help guide your journey to GDPR compliance, download the Osterman Research whitepaper, GDPR Compliance and its Impact on Security and Data Protection Programs.
Additionally, to help you be successful in the GDPR era, we’ve set up a solution page on our website, GDPR for Email, with a mix of third-party materials and our own Solution Brief. We fully anticipate adding to this page in the coming months!