The updated European Data Protection Regulation is expected to be finalized in 2016 and to enter into force in 2017 or 2018. For companies, the introduction means that they must take appropriate measures to ensure the safety and proper use of personal information. The upcoming law applies to both stored and processed data, including unstructured content that contains personal information (PII). Of course, data from cloud applications are also affected by the law.
A big challenge for companies will be the handling of personal data, which will be processed unstructured. This is done, for example, by employees who use cloud-based file sharing , apps to increase productivity or collaborative work. The same applies to the management of customer contacts or HR data as well as to applications for finance and accounting. With the new law, it is the responsibility of companies to protect these data from loss, alteration and unauthorized processing. This also applies when employees use cloud services that have not previously been approved and are not controlled by the company - the so-called "shadow IT".
Preventive measures
Netskope Cloud Risk Assessment provides an overview of all cloud applications that are used on a company's network. It also checks how well the company is prepared for the privacy regulation, whether the apps it uses comply with the company's policies, and creates a file that represents the existing regulations. In addition, the service may deliver risk mitigation and cloud usage recommendations in accordance with a company's rules.In addition, the cloud policy and update service helps businesses create a cloud apps compatibility policy and existing corporate policies. He also helps security teams with ongoing compliance by implementing security policies and streamlining the workflow. The service pays particular attention to the requirements of the data protection regulation with regard to clouds. The service can be adapted to the processes and existing technologies of each company.
security check
Especially by controlling the interactions that take place via Cloud, companies can comply with the Data Protection Regulation. This can be achieved by the following steps:
Uncover and monitor all cloud applications used by employees;
Know which personal data employees process via the cloud;
Securing data through corporate policies that ensure that uncontrolled cloud services are not used to store and process personal information;
Show employees which services have been approved by the IT department;
Use a Cloud Application Protection Provider to prepare companies for the Cloud Services Privacy Policy and to ensure that all data in and out of the cloud is protected.
Adrian Sanabria, an analyst at 415 Research, emphasizes the importance of such measures: "Today's Cloud, BYOD and SaaS are no more challenging than monitoring, tracking and controlling data within a company. The Data Protection Regulation is about preventing the misuse of personal data of EU citizens. Non-compliance can lead to serious penalties and sanctions, regardless of whether the breach was committed by the entire company or a single employee, regardless of the location of the company. Understanding what data exists and how it is used is the new challenge. "
Netskope has also put together a preparation package to help companies comply with the privacy act. It includes a white paper that addresses the company's upcoming law and commitments on coud- app usage, a checklist, a best-practice webinar and personal workshops.
