12/5/2018
09:00 AM
Steve Zurier

6 Ways to Strengthen Your GDPR Compliance Efforts

Companies have some mistaken notions about how to comply with the new data protection and privacy regulation - and that could cost them.

1. Yes, US-Based Companies Have To Comply
Many companies mistakenly think that if they have a limited number of clients in the European Union, then GDPR doesn't apply to them, Forrester's Iannopollo says. Many also expect to get limited data requests that they can easily manage manually. The reality is the exact opposite. Along with the right to be forgotten - possibly the best-known request - companies must manage the broader set of data rights requests, she says. They include the right to be informed, the right to access, the right to rectification, the right to restriction of processing, the right to data portability, the right to object, and the right to not be profiled and the subject of automated decision-making.
That's why companies need tools to help them manage GDPR, Varonis' Radolec advises. Many don't always recognize how broad the regulations are, he adds. Even for US-based companies, the odds are high that EU citizens will visit your site, sign up for information, and even make purchases. Once you have their information, you are subject to GDPR.