Fortinet CFO Drew Del Matto shares his perspective on cybersecurity and GDPR. You can read the full article on CSO.com.
The General Data Protection Regulation (GDPR) is the European Union’s response to the risks associated with the increased role that technology now plays in everyday life. GDPR was ratified by member states in April 2016, and goes into effect on May 25, 2018. Although it is an EU regulation, it also applies to any organization, regardless of its physical location, if it collects the personal data of EU residents.
The objective of the new regulation is to ensure that adequate protection is incorporated into the process of collecting personal data “by default and by design.” It requires organizations to collect only the minimum amount of data needed for a specific purpose, and then to remove it completely when it is no longer needed. The regulation also defines individuals, not institutions or corporations, as the sole owners of their personal data. As owners, individuals must be able to withdraw their consent to the collection of their data as easily as they gave it.
Another advantage of an integrated security strategy is that it reduces complexity, and complexity can significantly impair your assurance of compliance. With a security fabric strategy you can tangibly simplify your infrastructure, while at the same time taking a step beyond the capabilities of a discrete NGFW to a complete and interactive security framework that acts as an integrated whole. This approach extends visibility across the entire networked ecosystem and reduces the time-to-detect for threats and vulnerabilities. This sort of next-level, holistic security infrastructure is essential for organizations hoping to meet GDPR requirements long-term. Without it, it’s just a matter of when, not if, they will be found out of compliance and have to pay.