GDPR applies to Swiss Enterprises too !

Gdpr General Data Protection 213892279
With the European Union’s General Data Protection Regulation (GDPR) compliance deadline of May 25, 2018, you’ve only got a few months to decide what, exactly, GDPR means for your company, your customers, and your employees.

Compliance with new data protection regulations is crucial to avoid legal liability, protect your brand, and preserve customer and employee confidence. Those who fail to meet compliance guidelines face heavy financial penalties.
GDPR doesn’t just affect European companies. Any business collecting and handling the personal data of EU citizens must comply even if they’re based outside the EU. As such, these changes bring new liabilities for the vast majority of businesses around the world.

If you meet any of the following criteria, GDPR affects you:

  • You have a business presence in an EU country.
  • You have a business presence outside an EU country, but you collect and process the personal data of EU citizens.
  • Your company consists of more than 250 employees.
  • Your company has fewer than 250 employees, but you process sensitive personal data.
Given the severity of fines and sweeping changes that are coming, it’s critical—if you meet any of the criteria above—that you begin working towards compliance today. Your organization can already take proactive steps to stay ahead by focusing on a few key identity governance priorities: locating sensitive data, understanding who has access to it and maintaining proper access controls on that data.

1. Identify Your Sensitive Data
First, develop a complete picture of where customer data that is required to be protected under GDPR exists within your organization. It may be in structured systems such as applications or databases, or it may reside as unstructured data (such as an Excel spreadsheet or PDF report exported from an application or database) located on file systems, collaboration portals (such as SharePoint) or even in cloud storage systems (such as Box or Google Drive).
2. Determine Who Has Access
Second, understand who should have access to customer data and reconcile it with who does. This should be an ongoing process, not a one-time event. Make sure to include all applications and file storage platforms (both those running on-premises and in the cloud) where you are actively storing customer data.

3. Create Preventive & Forensic Controls
Users should have access to only the minimum resources they need (“least privilege”) and access to sensitive data should be highly restricted. You need to build a governance model that aligns access to applications and data based on business need. This is where identity and data access governance tools can help make sure users are not able to attain improper access; then, automate review and monitoring processes for user access.
Let our team of IT identity and data protection experts help you take the first steps to comply with GDPR directives that apply to your organization. We have long-time expertise, methodologies and practical tools to accelerate your GDPR adoptions. Do not hesitate to contact us.

Request a free appointment

Sign Up To Our Newsletter