With the GDPR going into effect this week, organizations that this new data protection regulation applies to are left with little time to make sure they have completed the preparations needed in order to achieve compliance with all provisions it entails. The GDPR is aimed at protecting consumer data privacy, and organizations that control and manage personal information of EU citizens in any capacity have until May 25th to adjust their procedures with regards to protection against, and respond to data breaches, in accordance with the new legislation.
Specific measures that organizations have to implement include formalized incident response procedures and internal data breach notification processes, along with demonstration of capability to notify authorities and data subjects in the event of a data breach within a strictly specified timeframe. Putting these measures in place can be an expensive and extremely complicated process, but absolutely necessary nonetheless. Therefore organizations can probably use all the help they can get to reduce the costs associated with meeting GDPR breach notification requirements while streamlining their existing processes as much as possible. This is where a host of security tools come into play, with a vast amount of different solutions available to choose from. While variety and choice is good, on the other hand it can also cause a headache for security professionals, making it difficult for them to make an informed decision and to choose the most cost-effective and relevant solution to cater for their needs.
To make it easier for security professionals to evaluate what they need in order to make sure their organizations are compliant with the upcoming GDPR requirements, this post will offer an overview of the most essential tools and why they are essential for GDPR breach notification compliance.
One of the most important elements of GDPR compliance is how organizations respond to cyber incidents, particularly as it relates to breach notification procedures. Among other things, the GDPR requires that in the event of a data breach that has an impact of data subjects, the affected organization notify the appropriate supervisory authorities within 72 hours of the moment the breach occurred. This is arguably one of the GDPR requirements that organizations are most concerned about, as it involves a short timeframe within which they must not only detect and contain the breach, but be able to fully report on the details while following strict protocols, including documenting the events and making sure the proper incident response and case management procedures have been followed. Failure to comply with these rules can lead to severe and long-lasting consequences, damaging organizations’ reputation as well as their bottom line.
In order to be able to gather evidence and document a data breach and provide proof to authorities that the appropriate formalized procedures have been followed, organizations need a tool that can help make that process as streamlined as possible. That’s exactly the purpose of incident response and case management solutions, which are designed to allow reactions to incidents to be immediate and thorough by following set procedures, processes and workflows. These solutions have the ability to perform effective case management, including creation of an incident record, task assignment and management, evidence collation and analysis, along with data sharing and reporting, all of which are essential elements of meeting various GDPR requirements.
Automated and Orchestrated Response
In addition to case management and incident response procedures, organizations should be looking to automate and orchestrate their response to incidents such as breaches as much as possible. 72 hrs will lapse very fast and it is critical to get these potential incidents under control as soon as possible. With increasing numbers of alerts being received by security teams while usually facing the issue of limited resources, this not only accelerates the mean time to detection and mean time to resolution of potential incidents, but also helps to meet GDPR compliance timeframes.
Security orchestration, automation and response (SOAR) solutions can do this by providing incident response and breach notification playbooks specifically designed to align an organization’s reaction to these types of events with GDPR best practices in mind. They also entail specific GDPR workflows that can be automatically enforced, repeated and formalized, which is another important aspect of achieving GDPR compliance.
How DFLabs IncMan SOAR Platform Can Help
Meeting GDPR requirements and being able to demonstrate compliance takes a comprehensive approach that inevitably requires the implementation of a set of tools that have the capability to ensure a proper implementation of the required procedures in the event of a data breach impacting data subjects. Having a platform in place to formalize and support these requirements is crucial, so why use multiple tools and solutions when you can just use one?
DFLabs IncMan SOAR platform combines incident response and case management processes with comprehensive automation and orchestration functions. This enables organizations to fully adhere to breach notification requirements by implementing an incident response plan in case of a potential breach, automating associated processes, prioritizing incident response and related enrichment and containment actions, managing notification distribution and subsequent advanced reporting documentation of any incident.
The EU GDPR will be enforced from May 25th next year. GDPR mandates a wide variety of requirements on how data processors must manage customer and 3rd party data. Although it is not primarily focused on cybersecurity, it does contain vague requirements on security monitoring. This includes that data processors must establish a breach notification procedure, that include incident identification systems, and must be able to demonstrate that they have established an incident response plan.
Further, there is a requirement to be able to notify the supervisory authority of a data breach within 72 hours of becoming aware of a data breach or face a stiff financial penalty. This last requirement is of special interest beyond the impact on data processors. Because it means that for the first time, we will begin having reliable data on European breaches.
Historically, European companies have had no external requirement to be transparent about being affected by a breach. This has had the consequence that we have not had good data or an awareness of how well or badly European organizations are doing when it comes to preventing or responding to security breaches.
I am sure that if like myself, you have worked in forensics and incident response in Europe over the years, you are aware of far more breaches that are publicly disclosed. The only information available is when a breach is disclosed due to the press and law enforcement, or the impact is so great that it can’t be ignored. We also have some anonymized reports from some vendors and MSSP’s, but these are really no more than samples. While not without benefit, these also do not provide a reliable indicator, as the samples are not necessarily statistically representative This provides a false sense of how European organizations are faring compared to other regions and presents a skewed image of European security in general.
The true state of European security is an unknown and has been difficult to quantify. I have seen German articles for example that have claimed that German Security is better than the rest of the world because there are less known breaches. The absence of evidence is of course not evidence of absence. Something that has not been quantified cannot be said to be good or bad. More importantly, if you do not measure something, it cannot be improved.
It will be interesting to see whether GDPR will force European organizations to place more focus on Incident Detection and Response, and give us insight into the true state of European security.