General Data Protection Regulation (GDPR)

Ensure Continuous Security for GDPR

 

Compliance with the General Data Protection Regulation (GDPR) is now a requirement for any company handling personal information belonging to EU citizens, irrespective of the company's physical location. Yes, organizations in North America are affected. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater).

For most organizations, GDPR has added a new level of complexity, and Cavirin is assisting many organizations with the tools required to further automate their compliance with the digital requirements of this regulation. To find out how, download Cavirin’s on-demand webinar, where experts provide guidance on what GDPR means to US companies and an action plan to automate your compliance and address this global regulation.

Broad Requirements of GDPR

Getting ready for GDPR is about protecting individuals’ personal data from breach or loss. From an infrastructure security perspective, this translates into the following broad requirements:

  • Auditing Personal Data Processing Systems: Ensuring that all user and admin activities in personal data processing systems are traceable at all times
  • Monitoring Personal Data Processing Systems to ensure they are safe from software vulnerabilities
  • Personal Data Access controls: Ensure that access to systems storing or processing personal data is restricted to only users or programs that need it
  • Personal Data Security controls: Monitoring configuration settings for systems storing or processing personal data to prevent breaches and disclosure
  • Personal Data Transfer Security: Monitoring usage of encryption and network configuration to detect and/or prevent unauthorized transfers of personal data

These requirements apply to all systems that store or process personal data, regardless of whether they are on-premises or in public clouds. The same requirements apply to any organization handling EU resident/citizen data, including cloud service providers.

2018 GDPR Compliance Report

A whopping 60% of organizations are at risk of missing the GDPR deadline. Only 7% of surveyed organizations say they are in full compliance with GDPR requirements today, and 33% state they are well on their way to meeting the compliance deadline. These are just a few of the riveting findings coming from this year's GDPR Compliance Report.

This report has been produced by the 400,000-member Information Security Community on LinkedIn in partnership with Cybersecurity Insiders to explore how organizations are responding to the GDPR. What is striking is the lack of GDPR expertise and an overall underestimation of the effort required to meet the regulation.

Download this free report to find out what cybersecurity and compliance professionals are doing now that the deadline is here.

The Solution

Cavirin, leveraging deep expertise in industry best security practices and regulatory controls, has developed a GDPR Policy Pack consisting of nearly 4,400 infrastructure security controls tailored to the requirements for protecting and monitoring access to personal data, spanning various operating systems and their networking configurations. As an example, 400 policies pertain to protecting and monitoring Windows 10 machines. Organizations can assess their on-premises and public cloud infrastructure against this Policy Pack and gauge their GDPR readiness at a glance. More important, Cavirin helps organizations reach a “golden posture” with respect to GDPR compliance through targeted security remediation plans. Besides GDPR, organizations can also leverage 20 other policy packs spanning 80,000+ policies to protect and continuously monitor their infrastructure.

Get Your GDPR Security Risk Score

To get an understanding of your security posture, we’ll conduct a live GDPR assessment of your on-premises or cloud-based workloads, including Docker. You’ll see an overall score across all frameworks tested, and can even drill down by OS, individual policy packs (other than GDPR if desired), and even specific control families. The score offers you a common view across multiple OSs with no conflicting guidance, and can even span on-premises and multiple cloud service providers.

© 2018 Cavirin Systems, Inc. All rights reserved.