12/5/2018
09:00 AM
Steve Zurier

6 Ways to Strengthen Your GDPR Compliance Efforts

Companies have some mistaken notions about how to comply with the new data protection and privacy regulation - and that could cost them.
2 of 7

1. Yes, US-Based Companies Have To Comply

Many companies mistakenly think that if they have a limited number of clients in the European Union, then GDPR doesn't apply to them, Forrester's Iannopollo says. Many also expect to get limited data requests that they can easily manage manually. The reality is the exact opposite. Along with the right to be forgotten - possibly the best-known request - companies must manage the broader set of data rights requests, she says. They include the right to be informed, the right to access, the right to rectification, the right to restriction of processing, the right to data portability, the right to object, and the right to not be profiled and the subject of automated decision-making.

That's why companies need tools to help them manage GDPR, Varonis' Radolec advises. Many don't always recognize how broad the regulations are, he adds. Even for US-based companies, the odds are high that EU citizens will visit your site, sign up for information, and even make purchases. Once you have their information, you are subject to GDPR.

Image Source: Pixabay
