Jump start EU Data Privacy Compliance with Data Classification

Jump start EU Data Privacy Compliance with Data Classification

Rui Melo BiscaiaWatchful Software

05/01/2023 © Copyright www.watchfulsoftware.com. 2016 All Rights Reserved. 2

The new EU GDPR legislation. What is it?

Delivers serious financial penalties for data breaches (up to €20 million euros, or 4% of the global turnover)

90% of large businesses had a security breach in

2015 (up from 81% in 2014)

European Commission Press release, Brussels, 15 December 2015: ‘Agreement on Commission’s EU data protection reform

will boost Digital Single Market’

90%


74% of small businesses had a security breach in

2015 (up from 60% in 2014)

Dept for Business Innovation & Skills: 2015 Information Security Breaches Survey – PWC

74%



Makes data protection the responsibility of every company





Requires all businesses to report any data breaches within 72 hours

50% of cyber breaches derive

from human errorhttp://www.telegraph.co.uk/sponsored/business/british-

standards-institution/12012517/top-10-cyber-security-must-dos.html

50%


7% of enterprises acknowledge to have suffered a cloud security

breachEuropean Commission Press release, Brussels, 15 December

2015: ‘Agreement on Commission’s EU data protection reform will boost Digital Single Market’

7%





Demands enterprises to demonstrate their security and data privacy procedures at a moment’s notice


77% of enterprises admit not being

ready to face GDPR imperatives

“EU GDPR: A Corporate Dilemma“ Blancco Technology Group, 2016

77%





Demands enterprises to demonstrate their security and data privacy procedures at a moment’s notice

Introduces new complexities regarding how companies should save, share and track data


Will my enterprise be affected?

Applies to any company who handles EU citizen personal data, wherever they’re based

Makes all businesses fully accountable for protecting any data classified as ‘personal’

In particular, companies with third party service providers for data storage or cloud services will now assume shared legal responsibility for their suppliers’ data security measures


How can RightsWATCH help?


RightsWATCH can help in:

Focus on Personal Data: Identifying and Classifying Data

– Allows PII to be automatically identified, whenever it is received, handled, or shared in the form of unstructured data

– Applies protective markings, text descriptors and labels to identify the information requiring special handling

– Decreases corporate liability, while educating users about the sensitivity of information and ensuring adherence to policies



Joint Accountability: Policy-driven RBACs to Enforce Protection

– Warns/prevents users from going against corporate policies, while decreasing corporate liability in case of a data breach

– Delivers ways to enforce policy-driven RBACs to sensitive information

– Allows to safely share sensitive information via any media and with 3rd parties



Data Breach Notification & Governance: Knowing the “W”s

– Delivers a comprehensive audit trail allowing the documentation and trace of any authorized and unauthorized access to confidential data

– “Feeds” a Security Incident and Event Management for information gathering and knowledge generation

– Enables the generation of reports, alarms and the triggering of risk mitigation actions


1 Policy-Driven Data Classification & Labelling

2 Role-Based Access Control Policies

3 Dynamic Watermarking and Tagging

4 Unstructured Data Visibility & Monitoring

5 Complementing the Enterprise Security “Puzzle”

RightsWATCH in a nutshell


How can RightsWATCH help?


RightsWATCH helps you because of its:

1 Ability to enforce RBAC policies and Delegation & Segregation of Admin Duties via Ad Group Policy and/or Ad-hoc groups

2 Ability to push policies to the device and prevent users from uninstalling or bypassing those

3 Unique seamless integration of UI to prevent user rebellion and decrease learning curve

4 Ability to enforce classify, blocking or warning policies on new and legacy data based on content and/or context

5 Integration scenarios with adjacent technologies (DLP, RMS, IONIC, CABs, MDM, SIEM, ...) enhancing the joint Value Prop

6 Scalable infrastructure (including hosted desktops), able to adhere to phased and/or geografical dispersed roll-outs

7 Centralization of user and server side logs, enabling comprehensive audit trails

8 Market-driven roadmap, simple product structure, realistic pricing and on-the-fly support

Jump start EU Data Privacy Compliance with Data Classification

Rui Melo BiscaiaWatchful Software